SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)

2022-07-13T00:00:00

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2376-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157) - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679) - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132) - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154) - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900) - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901) - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. (CVE-2022-33981) - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "SUSE_SU-2022-2376-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2376-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-07-13T00:00:00", "modified": "2023-02-08T00:00:00", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "accessVector": "ADJACENT_NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.4}, "severity": "HIGH", "exploitabilityScore": 4.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/163068", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1199657", "https://bugzilla.suse.com/1201222", "https://bugzilla.suse.com/1201050", "https://bugzilla.suse.com/1200442", "https://bugzilla.suse.com/1194013", "https://bugzilla.suse.com/1200600", "https://bugzilla.suse.com/1200816", "https://www.suse.com/security/cve/CVE-2021-26341", "http://www.nessus.org/u?d25d800b", "https://bugzilla.suse.com/1185762", "https://bugzilla.suse.com/1200806", "https://bugzilla.suse.com/1200829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900", "https://bugzilla.suse.com/1065729", "https://bugzilla.suse.com/1199487", "https://bugzilla.suse.com/1201177", "https://bugzilla.suse.com/1201193", "https://bugzilla.suse.com/1195775", "https://www.suse.com/security/cve/CVE-2022-29900", "https://bugzilla.suse.com/1198020", "https://bugzilla.suse.com/1201149", "https://bugzilla.suse.com/1201171", "https://bugzilla.suse.com/1200825", "https://bugzilla.suse.com/1200608", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901", "https://bugzilla.suse.com/1200925", "https://bugzilla.suse.com/1195504", "https://bugzilla.suse.com/1192761", "https://bugzilla.suse.com/1200807", "https://bugzilla.suse.com/1200822", "https://bugzilla.suse.com/1200810", "https://www.suse.com/security/cve/CVE-2022-29901", "https://bugzilla.suse.com/1200217", "https://www.suse.com/security/cve/CVE-2022-33981", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33981", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4157", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26341", "https://bugzilla.suse.com/1197754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679", "https://www.suse.com/security/cve/CVE-2022-20154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20132", "https://bugzilla.suse.com/1201080", "https://bugzilla.suse.com/1200820", "https://bugzilla.suse.com/1200828", "https://bugzilla.suse.com/1200571", "https://bugzilla.suse.com/1201160", "https://bugzilla.suse.com/1200813", "https://bugzilla.suse.com/1197362", "https://www.suse.com/security/cve/CVE-2022-34918", "https://bugzilla.suse.com/1200692", "https://www.suse.com/security/cve/CVE-2022-1679", "https://bugzilla.suse.com/1200809", "https://www.suse.com/security/cve/CVE-2022-20132", "https://bugzilla.suse.com/1201147", "https://bugzilla.suse.com/1200263", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918", "https://bugzilla.suse.com/1193629", "https://www.suse.com/security/cve/CVE-2021-4157", "https://bugzilla.suse.com/1200622", "https://bugzilla.suse.com/1200821", "https://bugzilla.suse.com/1200619", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20154", "https://bugzilla.suse.com/1201143", "https://bugzilla.suse.com/1200599", "https://bugzilla.suse.com/1180814", "https://bugzilla.suse.com/1179195", "https://bugzilla.suse.com/1196901", "https://bugzilla.suse.com/1199489"], "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "immutableFields": [], "lastseen": "2023-03-02T12:46:41", "viewCount": 19, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1988", "ALSA-2022:5819", "ALSA-2022:7110"]}, {"type": "amazon", "idList": ["ALAS-2022-1571", "ALAS-2022-1604", "ALAS-2022-1636", "ALAS-2022-1852", "ALAS2-2022-1761", "ALAS2-2022-1813", "ALAS2-2022-1838", "ALAS2-2022-1852"]}, {"type": "amd", "idList": ["AMD-SB-1026", "AMD-SB-1037"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:5232"]}, {"type": "citrix", "idList": ["CTX461397"]}, {"type": "cnvd", "idList": ["CNVD-2022-53382"]}, {"type": "cve", "idList": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-1836", "CVE-2022-1966", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3173-1:82909", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5191-1:574E3", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-4157", "DEBIANCVE:CVE-2022-1679", "DEBIANCVE:CVE-2022-20132", "DEBIANCVE:CVE-2022-20154", "DEBIANCVE:CVE-2022-29900", "DEBIANCVE:CVE-2022-29901", "DEBIANCVE:CVE-2022-32250", "DEBIANCVE:CVE-2022-33981", "DEBIANCVE:CVE-2022-34918"]}, {"type": "f5", "idList": ["F5:K57185580", "F5:K83713003"]}, {"type": "fedora", "idList": ["FEDORA:3622F307260C", "FEDORA:3E0893021FB2", "FEDORA:79262304C76D", "FEDORA:E6CE83084966"]}, {"type": "githubexploit", "idList": ["194848D4-3D8D-57C9-B93F-94A7FB834CC7", "34927D1B-4D9F-5B44-A08D-491384ED675E", "8C048A68-D3B8-57D5-9F89-6F850B0895AE", "96956207-1672-592D-A630-B4AE7A844347", "9CBE87B2-5ADC-5DA9-972B-132F77839B5F", "A5C99698-1B9B-58C5-8CD0-6C2D15021C06", "AEB0F5A5-E56A-5496-A431-5B7650A28B86", "BCD1465A-0399-584D-A327-72619907EC4C", "BE6625E5-8275-5164-A251-2EF421A388EC"]}, {"type": "ibm", "idList": ["1841E92577ACD6AADDBB49C1995A398D151CBC9679F1BA2B9C77425F2E40A55C", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00702"]}, {"type": "mageia", "idList": ["MGASA-2022-0263", "MGASA-2022-0264", "MGASA-2022-0278", "MGASA-2022-0279", "MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-NETFILTER_NFT_SET_ELEM_INIT_PRIVESC-"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-039.NASL", "AL2022_ALAS2022-2022-114.NASL", "AL2022_ALAS2022-2022-125.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2_ALAS-2022-1761.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-018.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-002.NASL", "AL2_ALASKERNEL-5_15-2022-003.NASL", "AL2_ALASKERNEL-5_15-2022-004.NASL", "AL2_ALASKERNEL-5_15-2022-005.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-034.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "ALA_ALAS-2022-1571.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1636.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "ALMA_LINUX_ALSA-2022-5819.NASL", "ALMA_LINUX_ALSA-2022-5834.NASL", "ALMA_LINUX_ALSA-2022-6582.NASL", "ALMA_LINUX_ALSA-2022-6592.NASL", "ALMA_LINUX_ALSA-2022-6610.NASL", "ALMA_LINUX_ALSA-2022-7110.NASL", "ALMA_LINUX_ALSA-2022-7134.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5191.NASL", "DEBIAN_DSA-5207.NASL", "EULEROS_SA-2022-1292.NASL", "EULEROS_SA-2022-1352.NASL", "EULEROS_SA-2022-1402.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1475.NASL", "EULEROS_SA-2022-1523.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-2225.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2257.NASL", "EULEROS_SA-2022-2273.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2321.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2415.NASL", "EULEROS_SA-2022-2428.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2619.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "EULEROS_SA-2023-1223.NASL", "F5_BIGIP_SOL83713003.NASL", "FEDORA_2022-C69EF9C1DD.NASL", "NEWSTART_CGSL_NS-SA-2023-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0005_KERNEL.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-5232.NASL", "ORACLELINUX_ELSA-2022-5249.NASL", "ORACLELINUX_ELSA-2022-5819.NASL", "ORACLELINUX_ELSA-2022-6610.NASL", "ORACLELINUX_ELSA-2022-7110.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9198.NASL", "ORACLELINUX_ELSA-2022-9199.NASL", "ORACLELINUX_ELSA-2022-9200.NASL", "ORACLELINUX_ELSA-2022-9201.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLELINUX_ELSA-2022-9667.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "ORACLEVM_OVMSA-2022-0021.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "REDHAT-RHSA-2022-5214.NASL", "REDHAT-RHSA-2022-5216.NASL", "REDHAT-RHSA-2022-5220.NASL", "REDHAT-RHSA-2022-5224.NASL", "REDHAT-RHSA-2022-5232.NASL", "REDHAT-RHSA-2022-5236.NASL", "REDHAT-RHSA-2022-5249.NASL", "REDHAT-RHSA-2022-5267.NASL", "REDHAT-RHSA-2022-5439.NASL", "REDHAT-RHSA-2022-5476.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "REDHAT-RHSA-2022-5636.NASL", "REDHAT-RHSA-2022-5641.NASL", "REDHAT-RHSA-2022-5648.NASL", "REDHAT-RHSA-2022-5802.NASL", "REDHAT-RHSA-2022-5804.NASL", "REDHAT-RHSA-2022-5805.NASL", "REDHAT-RHSA-2022-5806.NASL", "REDHAT-RHSA-2022-5819.NASL", "REDHAT-RHSA-2022-5834.NASL", "REDHAT-RHSA-2022-5839.NASL", "REDHAT-RHSA-2022-6073.NASL", "REDHAT-RHSA-2022-6075.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-6582.NASL", "REDHAT-RHSA-2022-6592.NASL", "REDHAT-RHSA-2022-6610.NASL", "REDHAT-RHSA-2022-7110.NASL", "REDHAT-RHSA-2022-7134.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "ROCKY_LINUX_RLSA-2022-5819.NASL", "ROCKY_LINUX_RLSA-2022-5834.NASL", "ROCKY_LINUX_RLSA-2022-7110.NASL", "ROCKY_LINUX_RLSA-2022-7134.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2022-2116-1.NASL", "SUSE_SU-2022-2172-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2214-1.NASL", "SUSE_SU-2022-2216-1.NASL", "SUSE_SU-2022-2230-1.NASL", "SUSE_SU-2022-2239-1.NASL", "SUSE_SU-2022-2245-1.NASL", "SUSE_SU-2022-2262-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2435-1.NASL", "SUSE_SU-2022-2438-1.NASL", "SUSE_SU-2022-2443-1.NASL", "SUSE_SU-2022-2444-1.NASL", "SUSE_SU-2022-2445-1.NASL", "SUSE_SU-2022-2446-1.NASL", "SUSE_SU-2022-2460-1.NASL", "SUSE_SU-2022-2461-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2482-1.NASL", "SUSE_SU-2022-2515-1.NASL", "SUSE_SU-2022-2516-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2696-1.NASL", "SUSE_SU-2022-2697-1.NASL", "SUSE_SU-2022-2699-1.NASL", "SUSE_SU-2022-2700-1.NASL", "SUSE_SU-2022-2709-1.NASL", "SUSE_SU-2022-2710-1.NASL", "SUSE_SU-2022-2722-1.NASL", "SUSE_SU-2022-2723-1.NASL", "SUSE_SU-2022-2726-1.NASL", "SUSE_SU-2022-2727-1.NASL", "SUSE_SU-2022-2728-1.NASL", "SUSE_SU-2022-2732-1.NASL", "SUSE_SU-2022-2738-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2745-1.NASL", "SUSE_SU-2022-2750-1.NASL", "SUSE_SU-2022-2759-1.NASL", "SUSE_SU-2022-2762-1.NASL", "SUSE_SU-2022-2766-1.NASL", "SUSE_SU-2022-2770-1.NASL", "SUSE_SU-2022-2776-1.NASL", "SUSE_SU-2022-2779-1.NASL", "SUSE_SU-2022-2780-1.NASL", "SUSE_SU-2022-2781-1.NASL", "SUSE_SU-2022-2783-1.NASL", "SUSE_SU-2022-2789-1.NASL", "SUSE_SU-2022-2808-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2854-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3998-1.NASL", "SUSE_SU-2022-4072-1.NASL", "SUSE_SU-2022-4573-1.NASL", "SUSE_SU-2022-4616-1.NASL", "SUSE_SU-2022-4617-1.NASL", "UBUNTU_USN-5413-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5514-1.NASL", "UBUNTU_USN-5517-1.NASL", "UBUNTU_USN-5518-1.NASL", "UBUNTU_USN-5529-1.NASL", "UBUNTU_USN-5539-1.NASL", "UBUNTU_USN-5540-1.NASL", "UBUNTU_USN-5544-1.NASL", "UBUNTU_USN-5545-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL", "UBUNTU_USN-5854-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5862-1.NASL", "UBUNTU_USN-5865-1.NASL", "UBUNTU_USN-5883-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1988", "ELSA-2022-5819", "ELSA-2022-6610", "ELSA-2022-7110", "ELSA-2022-7337", "ELSA-2022-8267", "ELSA-2022-9198", "ELSA-2022-9199", "ELSA-2022-9200", "ELSA-2022-9201", "ELSA-2022-9273", "ELSA-2022-9274", "ELSA-2022-9348", "ELSA-2022-9590", "ELSA-2022-9591", "ELSA-2022-9667", "ELSA-2022-9709", "ELSA-2022-9710", "ELSA-2022-9827", "ELSA-2022-9830"]}, {"type": "osv", "idList": ["OSV:ASB-A-188677105", "OSV:CVE-2022-29900", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3173-1", "OSV:DLA-3245-1", "OSV:DSA-5161-1", "OSV:DSA-5173-1", "OSV:DSA-5184-1", "OSV:DSA-5191-1", "OSV:DSA-5207-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:168543"]}, {"type": "photon", "idList": ["PHSA-2021-3.0-0254", "PHSA-2022-0195", "PHSA-2022-0238", "PHSA-2022-0248", "PHSA-2022-0393", "PHSA-2022-0409", "PHSA-2022-0482", "PHSA-2022-0527", "PHSA-2022-3.0-0350", "PHSA-2022-3.0-0393", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0446", "PHSA-2022-3.0-0464", "PHSA-2022-4.0-0195", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0248"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5BB5A527EBC10639A3F1F7010D15B8F1"]}, {"type": "redhat", "idList": ["RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5069", "RHSA-2022:5201", "RHSA-2022:5214", "RHSA-2022:5216", "RHSA-2022:5220", "RHSA-2022:5224", "RHSA-2022:5232", "RHSA-2022:5236", "RHSA-2022:5249", "RHSA-2022:5267", "RHSA-2022:5392", "RHSA-2022:5439", "RHSA-2022:5476", "RHSA-2022:5483", "RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5636", "RHSA-2022:5641", "RHSA-2022:5648", "RHSA-2022:5730", "RHSA-2022:5802", "RHSA-2022:5804", "RHSA-2022:5805", "RHSA-2022:5806", "RHSA-2022:5819", "RHSA-2022:5834", "RHSA-2022:5839", "RHSA-2022:5879", "RHSA-2022:6051", "RHSA-2022:6053", "RHSA-2022:6073", "RHSA-2022:6075", "RHSA-2022:6103", "RHSA-2022:6271", "RHSA-2022:6370", "RHSA-2022:6507", "RHSA-2022:6551", "RHSA-2022:6582", "RHSA-2022:6592", "RHSA-2022:6610", "RHSA-2022:6882", "RHSA-2022:7110", "RHSA-2022:7134", "RHSA-2022:7201", "RHSA-2022:7276", "RHSA-2022:7313", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7434", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8973", "RHSA-2022:8974"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-26341", "RH:CVE-2021-4157", "RH:CVE-2022-1679", "RH:CVE-2022-1966", "RH:CVE-2022-20154", "RH:CVE-2022-23816", "RH:CVE-2022-23824", "RH:CVE-2022-29900", "RH:CVE-2022-29901", "RH:CVE-2022-32250", "RH:CVE-2022-33981", "RH:CVE-2022-34918"]}, {"type": "rocky", "idList": ["RLSA-2022:1975", "RLSA-2022:1988", "RLSA-2022:5819", "RLSA-2022:5834", "RLSA-2022:7110", "RLSA-2022:7134"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2177-1", "OPENSUSE-SU-2022:2422-1", "OPENSUSE-SU-2022:2549-1", "SUSE-SU-2022:2172-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2424-2", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:2722-1", "SUSE-SU-2022:2741-1", "SUSE-SU-2022:2875-1", "SUSE-SU-2022:2875-2", "SUSE-SU-2022:3293-1"]}, {"type": "thn", "idList": ["THN:83DDF7EA5627F196DA7F3A5DB2F32A06"]}, {"type": "ubuntu", "idList": ["LSN-0089-1", "USN-5413-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5514-1", "USN-5517-1", "USN-5518-1", "USN-5529-1", "USN-5539-1", "USN-5540-1", "USN-5544-1", "USN-5545-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5582-1", "USN-5728-1", "USN-5728-2", "USN-5728-3", "USN-5854-1", "USN-5861-1", "USN-5862-1", "USN-5865-1", "USN-5883-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-4157", "UB:CVE-2022-1679", "UB:CVE-2022-20132", "UB:CVE-2022-20154", "UB:CVE-2022-29900", "UB:CVE-2022-29901", "UB:CVE-2022-32250", "UB:CVE-2022-33981", "UB:CVE-2022-34918"]}, {"type": "veracode", "idList": ["VERACODE:33901", "VERACODE:36361", "VERACODE:37096", "VERACODE:37864"]}, {"type": "vmware", "idList": ["VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-398", "XSA-407"]}, {"type": "zdt", "idList": ["1337DAY-ID-37996"]}]}, "epss": [{"cve": "CVE-2021-26341", "epss": "0.000430000", "percentile": "0.069270000", "modified": "2023-03-19"}, {"cve": "CVE-2021-4157", "epss": "0.000690000", "percentile": "0.280390000", "modified": "2023-03-19"}, {"cve": "CVE-2022-1679", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2022-20132", "epss": "0.000460000", "percentile": "0.127340000", "modified": "2023-03-19"}, {"cve": "CVE-2022-20154", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2022-29900", "epss": "0.000460000", "percentile": "0.127960000", "modified": "2023-03-19"}, {"cve": "CVE-2022-29901", "epss": "0.000870000", "percentile": "0.351460000", "modified": "2023-03-19"}, {"cve": "CVE-2022-32250", "epss": "0.000440000", "percentile": "0.081850000", "modified": "2023-03-19"}, {"cve": "CVE-2022-33981", "epss": "0.000430000", "percentile": "0.078130000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34918", "epss": "0.000660000", "percentile": "0.270290000", "modified": "2023-03-19"}], "vulnersScore": 0.3}, "_state": {"score": 1677761273, "dependencies": 1677761235, "epss": 1679300891}, "_internal": {"score_hash": "d0c0bbfb36adf26e2d38e4cec466dece"}, "pluginID": "163068", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2376-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163068);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2376-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2376-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011519.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d25d800b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.69.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.69.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-extra-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-optional-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.69.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.69.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-4157", "vendor_cvss2": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-07-12T00:00:00", "vulnerabilityPublicationDate": "2022-03-07T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(Netfilter nft_set_elem_init Heap Overflow Privilege Escalation)"]}

{"suse": [{"lastseen": "2022-11-10T08:09:33", "description": "An update that solves 9 vulnerabilities and has 40 fixes is\n now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - pahole 1.22 required for full BTF features. also recommend pahole for\n kernel-source to make the kernel buildable with standard config\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217).\n - smb3: fix snapshot mount option (bsc#1200217).\n - smb3 improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217).\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217).\n - smb3 move more common protocol header definitions to smbfs_common\n (bsc#1200217).\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2376=1\n\n - SUSE Linux Enterprise Module for Public Cloud 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2376=1", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-07-13T00:00:00", "id": "SUSE-SU-2022:2376-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5Q5WIEGX7YHOWE74L3GWRHQJSRWY7ZER/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-09-30T20:23:38", "description": "An update that solves 10 vulnerabilities, contains one\n feature and has 43 fixes is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-1012: Fixed information leak caused by small table perturb size\n in the TCP source port generation algorithm (bsc#1199482).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - Add missing recommends of kernel-install-tools to kernel-source-vanilla\n (bsc#1200442)\n - Add various fsctl structs (bsc#1200217).\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399\n (git-fixes)\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - certs/blacklist_hashes.c: fix const confusion in certs blacklist\n (git-fixes).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).\n - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg\n (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - pahole 1.22 required for full BTF features. also recommend pahole for\n kernel-source to make the kernel buildable with standard config\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address\n (bsc#1200343 ltc#198477).\n - random: Add and use pr_fmt() (bsc#1184924).\n - random: remove unnecessary unlikely() (bsc#1184924).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS\n - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut\n module (bsc#1195775)\n - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]\n - smb3: fix snapshot mount option (bsc#1200217).\n - [smb3] improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217). [ ematsumiya: remove ksmbd parts ]\n - [smb3] move more common protocol header definitions to smbfs_common\n (bsc#1200217). [ ematsumiya: remove ksmbd parts ]\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2424=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-01T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-09-01T00:00:00", "id": "SUSE-SU-2022:2424-2", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NQBAQOEVMNDMJLZJ3VYM6W3VQVEMA7X7/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that solves 11 vulnerabilities and has 49 fixes\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-1012: Fixed information leak caused by small table perturb size\n in the TCP source port generation algorithm (bsc#1199482).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2022-20141: Fixed a possible use after free due to improper locking\n in ip_check_mc_rcu() (bsc#1200604).\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399\n (git-fixes)\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - certs/blacklist_hashes.c: fix const confusion in certs blacklist\n (git-fixes).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).\n - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg\n (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address\n (bsc#1200343 ltc#198477).\n - random: Add and use pr_fmt() (bsc#1184924).\n - random: remove unnecessary unlikely() (bsc#1184924).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217).\n - smb3: fix snapshot mount option (bsc#1200217).\n - smb3 improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217).\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217).\n - smb3: move more common protocol header definitions to smbfs_common\n (bsc#1200217).\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n - x86/entry: Remove skip_r11rcx (bsc#1201644).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2549=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2549=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2549=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2549=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2549=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2549=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2549=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2549=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2549=1\n\n - SUSE Linux Enterprise High Availability 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2549=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-26T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-07-26T00:00:00", "id": "SUSE-SU-2022:2549-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HCR7HUTOWF4KGW66ZVKP6ZLD226PQDDK/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-09-30T20:23:38", "description": "An update that solves 11 vulnerabilities and has 44 fixes\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n NOTE:\n\n This update has been retracted, as it has caused regressions on multiple\n machines types.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-1012: Fixed information leak caused by small table perturb size\n in the TCP source port generation algorithm (bsc#1199482).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2022-20141: Fixed a possible use after free due to improper locking\n in ip_check_mc_rcu() (bsc#1200604).\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399\n (git-fixes)\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - certs/blacklist_hashes.c: fix const confusion in certs blacklist\n (git-fixes).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).\n - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg\n (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address\n (bsc#1200343 ltc#198477).\n - random: Add and use pr_fmt() (bsc#1184924).\n - random: remove unnecessary unlikely() (bsc#1184924).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217).\n - smb3: fix snapshot mount option (bsc#1200217).\n - smb3 improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217).\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217).\n - smb3: move more common protocol header definitions to smbfs_common\n (bsc#1200217).\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2422=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-01T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-09-01T00:00:00", "id": "OPENSUSE-SU-2022:2422-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UCV6OZAODHO3XSCOPNA6KBP5EOWSRH4L/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-09-30T20:23:38", "description": "An update that solves 11 vulnerabilities and has 49 fixes\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-1012: Fixed information leak caused by small table perturb size\n in the TCP source port generation algorithm (bsc#1199482).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2022-20141: Fixed a possible use after free due to improper locking\n in ip_check_mc_rcu() (bsc#1200604).\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399\n (git-fixes)\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - certs/blacklist_hashes.c: fix const confusion in certs blacklist\n (git-fixes).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).\n - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg\n (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address\n (bsc#1200343 ltc#198477).\n - random: Add and use pr_fmt() (bsc#1184924).\n - random: remove unnecessary unlikely() (bsc#1184924).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217).\n - smb3: fix snapshot mount option (bsc#1200217).\n - smb3 improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217).\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217).\n - smb3: move more common protocol header definitions to smbfs_common\n (bsc#1200217).\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n - x86/entry: Remove skip_r11rcx (bsc#1201644).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2549=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-01T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-09-01T00:00:00", "id": "OPENSUSE-SU-2022:2549-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YODNNJY6VGTGGVMUQLFLWV5FFYHIFW3C/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-09-30T20:23:58", "description": "An update that solves 11 vulnerabilities and has 44 fixes\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that\n could be used by a local attacker to escalate privileges (bnc#1201171).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-1012: Fixed information leak caused by small table perturb size\n in the TCP source port generation algorithm (bsc#1199482).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2022-20141: Fixed a possible use after free due to improper locking\n in ip_check_mc_rcu() (bsc#1200604).\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda/conexant: Fix missing beep setup (git-fixes).\n - ALSA: hda/realtek - Add HW8326 support (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).\n - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).\n - ALSA: hda/via: Fix missing beep setup (git-fixes).\n - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399\n (git-fixes)\n - arm64: ftrace: fix branch range checks (git-fixes)\n - ASoC: cs35l36: Update digital volume TLV (git-fixes).\n - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).\n - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).\n - ASoC: cs42l56: Correct typo in minimum level for SX volume controls\n (git-fixes).\n - ASoC: cs53l30: Correct number of volume levels on SX controls\n (git-fixes).\n - ASoC: es8328: Fix event generation for deemphasis control (git-fixes).\n - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).\n - ASoC: wm8962: Fix suspend while playing music (git-fixes).\n - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).\n - ata: libata: add qc->flags in ata_qc_complete_template tracepoint\n (git-fixes).\n - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n (git-fixes).\n - bcache: avoid journal no-space deadlock by reserving 1 journal bucket\n (git-fixes).\n - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()\n (bsc#1197362).\n - bcache: fixup multiple threads crash (git-fixes).\n - bcache: improve multithreaded bch_btree_check() (git-fixes).\n - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).\n - bcache: memset on stack variables in bch_btree_check() and\n bch_sectors_dirty_init() (git-fixes).\n - bcache: remove incremental dirty sector counting for\n bch_sectors_dirty_init() (git-fixes).\n - bio: fix page leak bio_add_hw_page failure (git-fixes).\n - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).\n - blk-iolatency: Fix inflight count imbalances and IO hangs on offline\n (bsc#1200825).\n - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED\n (bsc#1200263).\n - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).\n - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)\n - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).\n - block: advance iov_iter on bio_add_hw_page failure (git-fixes).\n - block: do not merge across cgroup boundaries if blkcg is enabled\n (bsc#1198020).\n - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n (bsc#1185762).\n - block: Fix kABI in blk-merge.c (bsc#1198020).\n - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).\n - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n (git-fixes).\n - caif_virtio: fix race between virtio_device_ready() and ndo_open()\n (git-fixes).\n - ceph: add some lockdep assertions around snaprealm handling\n (bsc#1201147).\n - ceph: clean up locking annotation for ceph_get_snap_realm and\n __lookup_snap_realm (bsc#1201149).\n - certs/blacklist_hashes.c: fix const confusion in certs blacklist\n (git-fixes).\n - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).\n - cifs: adjust DebugData to use chans_need_reconnect for conn status\n (bsc#1200217).\n - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is\n empty (bsc#1200217).\n - cifs: avoid parallel session setups on same channel (bsc#1200217).\n - cifs: avoid race during socket reconnect between send and recv\n (bsc#1200217).\n - cifs: call cifs_reconnect when a connection is marked (bsc#1200217).\n - cifs: call helper functions for marking channels for reconnect\n (bsc#1200217).\n - cifs: change smb2_query_info_compound to use a cached fid, if available\n (bsc#1200217).\n - cifs: check for smb1 in open_cached_dir() (bsc#1200217).\n - cifs: check reconnects for channels of active tcons too (bsc#1200217).\n - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).\n - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits\n (bsc#1200217).\n - cifs: clean up an inconsistent indenting (bsc#1200217).\n - cifs: destage any unwritten data to the server before calling\n copychunk_write (bsc#1200217).\n - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).\n - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set\n (bsc#1200217).\n - cifs: do not use tcpStatus after negotiate completes (bsc#1200217).\n - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).\n - cifs: fix confusing unneeded warning message on smb2.1 and earlier\n (bsc#1200217).\n - cifs: fix double free race when mount fails in cifs_get_root()\n (bsc#1200217).\n - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).\n - cifs: fix handlecache and multiuser (bsc#1200217).\n - cifs: fix hang on cifs_get_next_mid() (bsc#1200217).\n - cifs: fix incorrect use of list iterator after the loop (bsc#1200217).\n - cifs: fix minor compile warning (bsc#1200217).\n - cifs: fix missed refcounting of ipc tcon (bsc#1200217).\n - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).\n - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).\n - cifs: fix potential deadlock in direct reclaim (bsc#1200217).\n - cifs: fix potential double free during failed mount (bsc#1200217).\n - cifs: fix potential race with cifsd thread (bsc#1200217).\n - cifs: fix set of group SID via NTSD xattrs (bsc#1200217).\n - cifs: fix signed integer overflow when fl_end is OFFSET_MAX\n (bsc#1200217).\n - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).\n - cifs: fix the cifs_reconnect path for DFS (bsc#1200217).\n - cifs: fix the connection state transitions with multichannel\n (bsc#1200217).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1200217).\n - cifs: fix workstation_name for multiuser mounts (bsc#1200217).\n - cifs: force new session setup and tcon for dfs (bsc#1200217).\n - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).\n - cifs: ignore resource_id while getting fscache super cookie\n (bsc#1200217).\n - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).\n - cifs: make status checks in version independent callers (bsc#1200217).\n - cifs: mark sessions for reconnection in helper function (bsc#1200217).\n - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).\n - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).\n - cifs: move superblock magic defitions to magic.h (bsc#1200217).\n - cifs: potential buffer overflow in handling symlinks (bsc#1200217).\n - cifs: print TIDs as hex (bsc#1200217).\n - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).\n - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs\n refs (bsc#1200217).\n - cifs: reconnect only the connection and not smb session where possible\n (bsc#1200217).\n - cifs: release cached dentries only if mount is complete (bsc#1200217).\n - cifs: remove check of list iterator against head past the loop body\n (bsc#1200217).\n - cifs: remove redundant assignment to pointer p (bsc#1200217).\n - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).\n - cifs: remove repeated state change in dfs tree connect (bsc#1200217).\n - cifs: remove unused variable ses_selected (bsc#1200217).\n - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).\n - cifs: return the more nuanced writeback error on close() (bsc#1200217).\n - cifs: sanitize multiple delimiters in prepath (bsc#1200217).\n - cifs: serialize all mount attempts (bsc#1200217).\n - cifs: set the CREATE_NOT_FILE when opening the directory in\n use_cached_dir() (bsc#1200217).\n - cifs: skip trailing separators of prefix paths (bsc#1200217).\n - cifs: smbd: fix typo in comment (bsc#1200217).\n - cifs: Split the smb3_add_credits tracepoint (bsc#1200217).\n - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).\n - cifs: track individual channel status using chans_need_reconnect\n (bsc#1200217).\n - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).\n - cifs: update internal module number (bsc#1193629).\n - cifs: update internal module number (bsc#1200217).\n - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).\n - cifs: use a different reconnect helper for non-cifsd threads\n (bsc#1200217).\n - cifs: use correct lock type in cifs_reconnect() (bsc#1200217).\n - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).\n - cifs: use new enum for ses_status (bsc#1200217).\n - cifs: use the chans_need_reconnect bitmap for reconnect status\n (bsc#1200217).\n - cifs: verify that tcon is valid before dereference in cifs_kill_sb\n (bsc#1200217).\n - cifs: version operations for smb20 unneeded when legacy support disabled\n (bsc#1200217).\n - cifs: wait for tcon resource_id before getting fscache super\n (bsc#1200217).\n - cifs: we do not need a spinlock around the tree access during umount\n (bsc#1200217).\n - cifs: when extending a file with falloc we should make files not-sparse\n (bsc#1200217).\n - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c\n (git-fixes).\n - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).\n - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).\n - drm/msm: Fix double pm_runtime_disable() call (git-fixes).\n - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).\n - drm/sun4i: Fix crash during suspend after component bind failure\n (git-fixes).\n - exec: Force single empty string when argv is empty (bsc#1200571).\n - ext4: add check to prevent attempting to resize an fs with sparse_super2\n (bsc#1197754).\n - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).\n - ext4: fix bug_on in __es_tree_search (bsc#1200809).\n - ext4: fix race condition between ext4_write and ext4_convert_inline_data\n (bsc#1200807).\n - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole\n (bsc#1200806).\n - ext4: make variable \"count\" signed (bsc#1200820).\n - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).\n - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).\n - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).\n - gtp: use icmp_ndo_send helper (git-fixes).\n - hwmon: (ibmaem) do not call platform_device_del() if\n platform_device_add() fails (git-fixes).\n - i2c: designware: Use standard optional ref clock implementation\n (git-fixes).\n - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).\n - iio:accel:bma180: rearrange iio trigger get and register (git-fixes).\n - iio: accel: mma8452: ignore the return value of reset operation\n (git-fixes).\n - iio: adc: axp288: Override TS pin bias current for some models\n (git-fixes).\n - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).\n - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).\n - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()\n (git-fixes).\n - iio: trigger: sysfs: fix use-after-free on remove (git-fixes).\n - init: Initialize noop_backing_dev_info early (bsc#1200822).\n - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).\n - iomap: iomap_write_failed fix (bsc#1200829).\n - ipvs: add sysctl_run_estimation to support disable estimation\n (bsc#1195504).\n - jfs: fix divide error in dbNextAG (bsc#1200828).\n - kABI fix of sysctl_run_estimation (git-fixes).\n - kabi: nvme workaround header include (bsc#1201193).\n - kabi/severities: ignore KABI for NVMe target (bsc#1192761)\n - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).\n - md: fix update super 1.0 on rdev size change (git-fixes).\n - move devm_allocate to end of structure for kABI (git-fixes).\n - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).\n - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg\n (git-fixes).\n - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).\n - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).\n - net: lantiq: Add locking for TX DMA channel (git-fixes).\n - net: rose: fix UAF bugs caused by timer handler (git-fixes).\n - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).\n - net: usb: ax88179_178a: Fix packet receiving (git-fixes).\n - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).\n - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).\n - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).\n - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).\n - NFS: Do not report errors from nfs_pageio_complete() more than once\n (git-fixes).\n - NFS: Do not report flush errors in nfs_write_end() (git-fixes).\n - NFS: Further fixes to the writeback error handling (git-fixes).\n - NFS: Memory allocation failures are not server fatal errors (git-fixes).\n - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout\n (git-fixes).\n - nvdimm: Fix firmware activation deadlock scenarios (git-fixes).\n - nvdimm/region: Fix default alignment for small regions (git-fixes).\n - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).\n - nvme: Add connect option 'discovery' (bsc#1192761).\n - nvme: add new discovery log page entry definitions (bsc#1192761).\n - nvme: display correct subsystem NQN (bsc#1192761).\n - nvme: expose subsystem type in sysfs attribute 'subsystype'\n (bsc#1192761).\n - nvme: kabi fix nvme subsystype change (bsc#1192761)\n - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).\n - nvmet: add nvmet_req_subsys() helper (bsc#1192761).\n - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).\n - nvmet: do not check iosqes,iocqes for discovery controllers\n (bsc#1192761).\n - nvmet: fix freeing unallocated p2pmem (git-fixes).\n - nvmet: make discovery NQN configurable (bsc#1192761).\n - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).\n - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY\n (git-fixes).\n - nvmet: register discovery subsystem as 'current' (bsc#1192761).\n - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).\n - nvmet: switch check for subsystem type (bsc#1192761).\n - phy: aquantia: Fix AN when higher speeds than 1G are not advertised\n (git-fixes).\n - pNFS: Do not keep retrying if the server replied\n NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).\n - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).\n - powerpc/perf: Fix the threshold compare group constraint for power9\n (bsc#1065729).\n - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address\n (bsc#1200343 ltc#198477).\n - random: Add and use pr_fmt() (bsc#1184924).\n - random: remove unnecessary unlikely() (bsc#1184924).\n - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips\n (git-fixes).\n - Revert \"block: Fix a lockdep complaint triggered by request queue\n flushing\" (git-fixes).\n - scsi: core: Show SCMD_LAST in text form (git-fixes).\n - scsi: ibmvfc: Allocate/free queue resource only during probe/remove\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: ibmvfc: Store vhost pointer during subcrq allocation\n (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).\n - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe\n cmds (bsc#1201193).\n - scsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n (bsc#1201193).\n - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).\n - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).\n - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd\n completion (bsc#1201193).\n - scsi: lpfc: Commonize VMID code location (bsc#1201193).\n - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in\n lpfc_ct_reject_event() (bsc#1201193).\n - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology\n (bsc#1201193).\n - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following abort path refactoring\n (bsc#1201193).\n - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring\n (bsc#1201193).\n - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent\n (bsc#1201193).\n - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).\n - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).\n - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).\n - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).\n - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).\n - scsi: qla2xxx: edif: Add bsg interface to read doorbell events\n (bsc#1201160).\n - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).\n - scsi: qla2xxx: edif: bsg refactor (bsc#1201160).\n - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).\n - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).\n - scsi: qla2xxx: edif: Fix potential stuck session in sa update\n (bsc#1201160).\n - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).\n - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce disruption due to multiple app start\n (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).\n - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time\n (bsc#1201160).\n - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).\n - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).\n - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication\n application (bsc#1201160).\n - scsi: qla2xxx: edif: Tear down session if keys have been removed\n (bsc#1201160).\n - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).\n - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n (bsc#1201160).\n - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection\n (bsc#1201160).\n - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os\n (bsc#1201160).\n - scsi: qla2xxx: Fix losing target when it reappears during delete\n (bsc#1201160).\n - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters\n (bsc#1201160).\n - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).\n - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).\n - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).\n - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).\n - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).\n - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).\n - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).\n - scsi: sd: Signal drive managed SMR disks (git-fixes).\n - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).\n - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).\n - scsi: sd_zbc: Improve zone revalidation (git-fixes).\n - scsi: sd_zbc: Remove unused inline functions (git-fixes).\n - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).\n - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195\n bsc#1200622).\n - smb3: add mount parm nosparse (bsc#1200217).\n - smb3: add trace point for lease not found issue (bsc#1200217).\n - smb3: add trace point for oplock not found (bsc#1200217).\n - smb3: check for null tcon (bsc#1200217).\n - smb3: cleanup and clarify status of tree connections (bsc#1200217).\n - smb3: do not set rc when used and unneeded in query_info_compound\n (bsc#1200217).\n - SMB3: EBADF/EIO errors in rename/open caused by race condition in\n smb2_compound_op (bsc#1200217).\n - smb3: fix incorrect session setup check for multiuser mounts\n (bsc#1200217).\n - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to\n smbfs_common (bsc#1200217).\n - smb3: fix snapshot mount option (bsc#1200217).\n - smb3 improve error message when mount options conflict with posix\n (bsc#1200217).\n - smb3: move defines for ioctl protocol header and SMB2 sizes to\n smbfs_common (bsc#1200217).\n - smb3: move defines for query info and query fsinfo to smbfs_common\n (bsc#1200217).\n - smb3: move more common protocol header definitions to smbfs_common\n (bsc#1200217).\n - smb3: send NTLMSSP version information (bsc#1200217).\n - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n (git-fixes).\n - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).\n - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()\n (git-fixes).\n - sunvnet: use icmp_ndo_send helper (git-fixes).\n - tty: goldfish: Fix free_irq() on remove (git-fixes).\n - usb: chipidea: udc: check request status before setting device address\n (git-fixes).\n - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).\n - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n (git-fixes).\n - usb: gadget: u_ether: fix regression in setting fixed MAC address\n (git-fixes).\n - usbnet: fix memory allocation in helpers (git-fixes).\n - USB: serial: io_ti: add Agilent E5805A support (git-fixes).\n - USB: serial: option: add Quectel EM05-G modem (git-fixes).\n - USB: serial: option: add Quectel RM500K module support (git-fixes).\n - USB: serial: option: add support for Cinterion MV31 with new baseline\n (git-fixes).\n - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).\n - veth: fix races around rq->rx_notify_masked (git-fixes).\n - virtio-mmio: fix missing put_device() when vm_cmdline_parent\n registration failed (git-fixes).\n - virtio-net: fix race between ndo_open() and virtio_device_ready()\n (git-fixes).\n - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).\n - virtio-pci: Remove wrong address verification in vp_del_vqs()\n (git-fixes).\n - vmxnet3: fix minimum vectors alloc issue (bsc#1199489).\n - writeback: Avoid skipping inode writeback (bsc#1200813).\n - writeback: Fix inode->i_io_list not be protected by inode->i_lock error\n (bsc#1200821).\n - xhci: Add reset resume quirk for AMD xhci controller (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2422=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2422=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2422=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2422=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2422=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2422=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2422=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2422=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2422=1\n\n - SUSE Linux Enterprise High Availability 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2422=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-18T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-07-18T00:00:00", "id": "SUSE-SU-2022:2422-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAYOR6IOYZPTXZSR2SQVZLB3ICGAPZO7/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that solves 14 vulnerabilities and has one errata\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre\n like Branch Target Buffer attack, that can leak arbitrary kernel\n information (bsc#1199657).\n - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in\n the way a user forces the ath9k_htc_wait_for_target function to fail\n with some input messages (bsc#1199487).\n - CVE-2022-20132: Fixed out of bounds read due to improper input\n validation in lg_probe and related functions of hid-lg.c (bsc#1200619).\n - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)\n - CVE-2022-20141: Fixed a possible use after free due to improper locking\n in ip_check_mc_rcu() (bsc#1200604).\n - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS\n subsystem, related to the replication of files with NFS. A user could\n potentially crash the system or escalate privileges on the system\n (bsc#1194013).\n - CVE-2022-20154: Fixed a use after free due to a race condition in\n lock_sock_nested of sock.c. This could lead to local escalation of\n privilege with System execution privileges needed (bsc#1200599).\n - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer\n handler in net/rose/rose_timer.c that allow attackers to crash the\n system without any privileges (bsc#1201251).\n - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed\n multiple potential data leaks with Block and Network devices when using\n untrusted backends (bsc#1200762).\n - CVE-2021-26341: Some AMD CPUs may transiently execute beyond\n unconditional direct branches, which may potentially result in data\n leakage (bsc#1201050).\n\n The following non-security bugs were fixed:\n\n - exec: Force single empty string when argv is empty (bsc#1200571).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2411=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2411=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2411=1\n\n - SUSE Linux Enterprise Server 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2411=1\n\n - SUSE Linux Enterprise Server 15-SP1-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2411=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP1:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2411=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2411=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2411=1\n\n - SUSE Linux Enterprise High Availability 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2411=1\n\n - SUSE Enterprise Storage 6:\n\n zypper in -t patch SUSE-Storage-6-2022-2411=1\n\n - SUSE CaaS Platform 4.0:\n\n To install this update, use the SUSE CaaS Platform 'skuba' tool. It\n will inform you if it detects new updates and let you then trigger\n updating of the complete cluster in a controlled way.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-15T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2022-07-15T00:00:00", "id": "SUSE-SU-2022:2411-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TKEVE6ZL5SMFF3MEUOB7IRLKS4SWKAHM/", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-02T15:00:57", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2424-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2424-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmrt", "p-cpe:/a:novell:suse_linux:dlm-kmrt", "p-cpe:/a:novell:suse_linux:gfs2-kmrt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmrt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163360", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2424-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163360);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2424-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2424-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2424-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011577.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3cd02af7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmrt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.96.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.96.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.96.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T12:29:58", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2423-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2423-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2022-07-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_120-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2423-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163377", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2423-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163377);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/22\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2423-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2423-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2423-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011576.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?06228e15\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T22:34:28", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2422-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2422-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmdefault", "p-cpe:/a:novell:suse_linux:dlm-kmdefault", "p-cpe:/a:novell:suse_linux:gfs2-kmdefault", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_81-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmdefault", "p-cpe:/a:novell:suse_linux:reiserfs-kmdefault", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163366", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2422-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163366);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2422-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2422-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2422-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011579.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8aef154d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmdefault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmdefault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmdefault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_81-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmdefault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmdefault\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_81-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.81.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.81.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:20:52", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2549-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2549-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_87-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2549-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163482", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2549-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163482);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2549-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2549-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2549-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011657.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ab27e59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_87-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-64kb-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.87.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-allwinner-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-altera-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amd-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amlogic-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-apm-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-arm-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-broadcom-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-cavium-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-exynos-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-freescale-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-hisilicon-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-lg-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-marvell-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-mediatek-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-nvidia-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-qcom-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-renesas-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-rockchip-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-socionext-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-sprd-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-xilinx-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-zte-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-extra-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-optional-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-rebuild-5.3.18-150300.59.87.1.150300.18.50.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-optional-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-qa-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-vanilla-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.87.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-64kb-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.87.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.87.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-zte-5.3.18-150300.59.87.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.87.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_87-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T04:27:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2379-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2379-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16525", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2379-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163091", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2379-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163091);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2017-16525\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2379-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2379-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2379-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1066618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011540.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d1744ad\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-16525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T22:36:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2478-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16525", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163391", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2478-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163391);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2017-16525\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2478-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2478-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1066618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011611.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d3bd7c9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-16525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:22:01", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2411-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2411-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2411-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163384", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2411-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163384);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2411-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2411-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2411-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011558.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a08db558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-devel-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-macros-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-source-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-devel-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-macros-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-source-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.117.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-man-4.12.14-150100.197.117.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.117.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.117.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.117.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.117.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.117.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.117.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-man-4.12.14-150100.197.117.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.117.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.117.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.117.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.117.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.117.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'dlm-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'gfs2-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ocfs2-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'kernel-default-livepatch-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-livepatch-devel-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-livepatch-4_12_14-150100_197_117-default-1-150100.3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-man-4.12.14-150100.197.117.1', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.117.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T20:40:34", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2407-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2407-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-vanilla-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163363", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2407-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163363);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2407-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2407-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2407-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011557.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e31ff85\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'cluster-md-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150000_150_95-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-man-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T15:03:24", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2382-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2382-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2382-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163096", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2382-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163096);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2382-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2382-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2382-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011539.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32de157b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.127.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_127-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T08:34:26", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-azure:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2377-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163059", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2377-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163059);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2377-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2377-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011520.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b1c4cb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:22:43", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2759-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP3) (SUSE-SU-2022:2759-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2759-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164069", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2759-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164069);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1679\", \"CVE-2022-20141\", \"CVE-2022-34918\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2759-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP3) (SUSE-SU-2022:2759-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2759-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011885.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46cfefa0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_68-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.68-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_68-default-5-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_68-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:21:28", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2732-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP3) (SUSE-SU-2022:2732-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2732-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163998", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2732-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163998);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1679\", \"CVE-2022-20141\", \"CVE-2022-34918\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2732-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP3) (SUSE-SU-2022:2732-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2732-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011842.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?645c82fd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_63-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.63-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_63-default-6-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_63-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T06:30:19", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2696-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP3) (SUSE-SU-2022:2696-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_71-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2696-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163925", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2696-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163925);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1679\", \"CVE-2022-20141\", \"CVE-2022-34918\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2696-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP3) (SUSE-SU-2022:2696-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2696-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011823.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5efea3e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_71-default and / or kernel-livepatch-5_3_18-150300_59_76-default\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_71-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.71-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_71-default-4-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.76-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_76-default-3-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_71-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T02:40:43", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5545-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-03T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5545-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1046-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1014-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5545-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163756", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5545-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163756);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-34918\");\n script_xref(name:\"USN\", value:\"5545-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5545-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced\nin the USN-5545-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5545-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1046-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1014-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.14.0-\\d{4}-oem|5.17.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.14.0-\\d{4}-oem\" : \"5.14.0-1046\",\n \"5.17.0-\\d{4}-oem\" : \"5.17.0-1014\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5545-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5545-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-20T17:38:25", "description": "The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-34918 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: kernel (CVE-2022-34918)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-03-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:bpftool", "p-cpe:/a:microsoft:cbl-mariner:kernel", "p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:kernel-devel", "p-cpe:/a:microsoft:cbl-mariner:kernel-docs", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound", "p-cpe:/a:microsoft:cbl-mariner:kernel-dtb", "p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile", "p-cpe:/a:microsoft:cbl-mariner:kernel-tools", "p-cpe:/a:microsoft:cbl-mariner:python3-perf", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_KERNEL_CVE-2022-34918.NASL", "href": "https://www.tenable.com/plugins/nessus/172892", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172892);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/20\");\n\n script_cve_id(\"CVE-2022-34918\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: kernel (CVE-2022-34918)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-34918 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-dtb-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.55.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.55.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T08:47:19", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2321)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33656", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-20166", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2321.NASL", "href": "https://www.tenable.com/plugins/nessus/165032", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165032);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-33656\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-20166\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2321)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2321\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?938d2671\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2103.1.0.h819.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h819.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h819.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h819.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T16:41:15", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1012-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1014-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5566-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164030", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5566-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164030);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-28893\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5566-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5566-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5566-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1012-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1014-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-(azure|gke|ibm|kvm|raspi|raspi-nolpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.15.0-1013\",\n \"5.15.0-\\d{4}-azure\" : \"5.15.0-1017\",\n \"5.15.0-\\d{4}-gke\" : \"5.15.0-1014\",\n \"5.15.0-\\d{4}-ibm\" : \"5.15.0-1012\",\n \"5.15.0-\\d{4}-kvm\" : \"5.15.0-1016\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5566-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-28893', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5566-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T04:29:39", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2393-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2393-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19377", "CVE-2020-26541", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1184", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-21499", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163241", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2393-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163241);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-19377\",\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1184\",\n \"CVE-2022-1679\",\n \"CVE-2022-1729\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-21499\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2393-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2393-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2393-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged\n user to gain root privileges. The bug allows to build several exploit primitives such as kernel address\n information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition\n between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN\n privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by\n simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1162338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1162369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011546.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae37e6c0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_102-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.102.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T02:48:20", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5544-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5544-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-28893", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k"], "id": "UBUNTU_USN-5544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163701", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5544-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163701);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-28893\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5544-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5544-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5544-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5544-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-43\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5544-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-28893', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5544-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T04:32:23", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2809-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2809-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-26341", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-4157", "CVE-2022-0171", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164138", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2809-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164138);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1116\",\n \"CVE-2022-1462\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2809-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2809-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause\n memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to\n 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011914.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e3ff396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-macros-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-source-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'cluster-md-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150200_24_126-default-1-150200.5.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-22T01:55:40", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492", "CVE-2022-32250", "CVE-2022-33981"], "modified": "2022-12-26T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/164040", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0021.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164040);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/26\");\n\n script_cve_id(\"CVE-2022-0492\", \"CVE-2022-32250\", \"CVE-2022-33981\");\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-0492.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-33981.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0021');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T07:38:35", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9667 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9667)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492", "CVE-2022-32250", "CVE-2022-33981"], "modified": "2022-12-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2022-9667.NASL", "href": "https://www.tenable.com/plugins/nessus/163731", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9667.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163731);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/26\");\n\n script_cve_id(\"CVE-2022-0492\", \"CVE-2022-32250\", \"CVE-2022-33981\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9667)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9667 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9667.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.el6uek', '4.1.12-124.65.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9667');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.65.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-12T15:33:55", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-125)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-125.NASL", "href": "https://www.tenable.com/plugins/nessus/164742", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-125.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164742);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-125)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36123.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update kernel --releasever=2022.0.20220810' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-125\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-02T04:38:03", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6610 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : kernel (ELSA-2022-6610)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2078", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-devel-matched", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-devel-matched", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-6610.NASL", "href": "https://www.tenable.com/plugins/nessus/165298", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6610.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165298);\n script_version(\"1.5\");\n script_set_at

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)

Description

Related