SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3704-1)

2022-10-25T00:00:00

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3704-1 advisory. - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. (CVE-2020-16119) - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008) - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503) - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056. (CVE-2022-32296) - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239) - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303) - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218) - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222) - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674) - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848) - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849) - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719) - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720) - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "SUSE_SU-2022-3704-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3704-1)", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3704-1 advisory.\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-10-25T00:00:00", "modified": "2023-02-03T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.6}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/166446", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20008", "https://bugzilla.suse.com/1202960", "https://bugzilla.suse.com/1201309", "https://www.suse.com/security/cve/CVE-2022-20008", "https://bugzilla.suse.com/1203992", "https://www.suse.com/security/cve/CVE-2022-42721", "https://bugzilla.suse.com/1200288", "https://www.suse.com/security/cve/CVE-2022-41849", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41848", "https://bugzilla.suse.com/1177471", "https://www.suse.com/security/cve/CVE-2022-41218", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503", "https://bugzilla.suse.com/1202385", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849", "https://www.suse.com/security/cve/CVE-2022-32296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41222", "https://www.suse.com/security/cve/CVE-2022-2586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303", "https://www.suse.com/security/cve/CVE-2022-41848", "https://bugzilla.suse.com/1199564", "https://bugzilla.suse.com/1204059", "https://bugzilla.suse.com/1203987", "https://bugzilla.suse.com/1203622", "https://www.suse.com/security/cve/CVE-2022-41674", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41218", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721", "https://bugzilla.suse.com/1204051", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16119", "https://bugzilla.suse.com/1203769", "https://www.suse.com/security/cve/CVE-2022-2503", "https://www.suse.com/security/cve/CVE-2020-16119", "https://bugzilla.suse.com/1203770", "https://bugzilla.suse.com/1202677", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3239", "http://www.nessus.org/u?d2c30b1e", "https://www.suse.com/security/cve/CVE-2022-42719", "https://bugzilla.suse.com/1202095", "https://www.suse.com/security/cve/CVE-2022-3239", "https://www.suse.com/security/cve/CVE-2022-42720", "https://www.suse.com/security/cve/CVE-2022-41222", "https://bugzilla.suse.com/1201310", "https://bugzilla.suse.com/1204060", "https://www.suse.com/security/cve/CVE-2022-3303", "https://bugzilla.suse.com/1203552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719"], "cvelist": ["CVE-2020-16119", "CVE-2022-20008", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "immutableFields": [], "lastseen": "2023-02-08T12:47:52", "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7683"]}, {"type": "amazon", "idList": ["ALAS-2021-1539", "ALAS-2021-1712", "ALAS-2022-1604", "ALAS-2022-1645", "ALAS-2022-1876", "ALAS2-2022-1813"]}, {"type": "androidsecurity", "idList": ["ANDROID:2022-05-01", "ANDROID:2023-01-01", "ANDROID:2023-02-01"]}, {"type": "archlinux", "idList": ["ASA-202210-1", "ASA-202210-2", "ASA-202210-3", "ASA-202210-4"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:B46933C44EA4E2006B38E3D103AAF55E"]}, {"type": "cnvd", "idList": ["CNVD-2022-53378", "CNVD-2022-68087", "CNVD-2022-69187", "CNVD-2022-69188", "CNVD-2022-69191"]}, {"type": "cve", "idList": ["CVE-2020-16119", "CVE-2022-20008", "CVE-2022-2503", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2785-1:A6280", "DEBIAN:DLA-2843-1:AB8E9", "DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3173-1:82909", "DEBIAN:DLA-3244-1:12088", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-4978-1:4EC47", "DEBIAN:DSA-4978-1:98A5E", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5207-1:0D465", "DEBIAN:DSA-5257-1:DB743", "DEBIAN:DSA-5324-1:8EBE4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16119", "DEBIANCVE:CVE-2022-20008", "DEBIANCVE:CVE-2022-2503", "DEBIANCVE:CVE-2022-2586", "DEBIANCVE:CVE-2022-32296", "DEBIANCVE:CVE-2022-3239", "DEBIANCVE:CVE-2022-3303", "DEBIANCVE:CVE-2022-41218", "DEBIANCVE:CVE-2022-41222", "DEBIANCVE:CVE-2022-41674", "DEBIANCVE:CVE-2022-41848", "DEBIANCVE:CVE-2022-41849", "DEBIANCVE:CVE-2022-42719", "DEBIANCVE:CVE-2022-42720", "DEBIANCVE:CVE-2022-42721"]}, {"type": "f5", "idList": ["F5:K82248373"]}, {"type": "fedora", "idList": ["FEDORA:4F30C30A9F1B", "FEDORA:52A7630CF28D", "FEDORA:65D00306B98F", "FEDORA:6860730B0678", "FEDORA:791D3304C27B", "FEDORA:873EB30832ED", "FEDORA:A4846305797B", "FEDORA:D90AA30C47EB"]}, {"type": "githubexploit", "idList": ["1EF67F84-0CA0-5928-AE63-14B72E0B13B0", "5226B4B5-D53F-503C-8DD3-C3A316CA43FC"]}, {"type": "ibm", "idList": ["7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "F42698819438A0AFD00188966548F0688DA81186746B5D708D7F1D8C8274475E"]}, {"type": "mageia", "idList": ["MGASA-2021-0459", "MGASA-2021-0460", "MGASA-2022-0305", "MGASA-2022-0308", "MGASA-2022-0379", "MGASA-2022-0380", "MGASA-2022-0442", "MGASA-2022-0443", "MGASA-2023-0007", "MGASA-2023-0008"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B0DA94EB1CF930F46263F17262E85D1A"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1876.NASL", "AL2_ALASKERNEL-5_10-2022-006.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_10-2022-023.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "AL2_ALASKERNEL-5_4-2022-039.NASL", "ALA_ALAS-2021-1539.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1645.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-2843.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DLA-3244.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DSA-4978.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5207.NASL", "DEBIAN_DSA-5257.NASL", "DEBIAN_DSA-5324.NASL", "EULEROS_SA-2022-1243.NASL", "EULEROS_SA-2022-1376.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2225.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2321.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2415.NASL", "EULEROS_SA-2022-2428.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2022-2823.NASL", "EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "EULEROS_SA-2022-2906.NASL", "EULEROS_SA-2022-2932.NASL", "EULEROS_SA-2023-1012.NASL", "EULEROS_SA-2023-1037.NASL", "EULEROS_SA-2023-1126.NASL", "EULEROS_SA-2023-1147.NASL", "EULEROS_SA-2023-1168.NASL", "EULEROS_SA-2023-1193.NASL", "EULEROS_SA-2023-1223.NASL", "FEDORA_2020-CE117EFF51.NASL", "FEDORA_2022-2CFBE17910.NASL", "FEDORA_2022-B948FC3CFB.NASL", "OPENSUSE-2021-3876.NASL", "ORACLELINUX_ELSA-2021-9486.NASL", "ORACLELINUX_ELSA-2021-9487.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9828.NASL", "ORACLELINUX_ELSA-2022-9829.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLELINUX_ELSA-2022-9996.NASL", "ORACLELINUX_ELSA-2022-9997.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "PHOTONOS_PHSA-2020-1_0-0333_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0290_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0126_LINUX.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SLACKWARE_SSA_2022-333-01.NASL", "SUSE_SU-2021-3415-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2022-2078-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-3584-1.NASL", "SUSE_SU-2022-3585-1.NASL", "SUSE_SU-2022-3586-1.NASL", "SUSE_SU-2022-3587-1.NASL", "SUSE_SU-2022-3599-1.NASL", "SUSE_SU-2022-3601-1.NASL", "SUSE_SU-2022-3605-1.NASL", "SUSE_SU-2022-3606-1.NASL", "SUSE_SU-2022-3607-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3628-1.NASL", "SUSE_SU-2022-3648-1.NASL", "SUSE_SU-2022-3657-1.NASL", "SUSE_SU-2022-3688-1.NASL", "SUSE_SU-2022-3693-1.NASL", "SUSE_SU-2022-3775-1.NASL", "SUSE_SU-2022-3779-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3810-1.NASL", "SUSE_SU-2022-3844-1.NASL", "SUSE_SU-2022-3897-1.NASL", "SUSE_SU-2022-3998-1.NASL", "SUSE_SU-2022-4506-1.NASL", "SUSE_SU-2022-4513-1.NASL", "SUSE_SU-2022-4516-1.NASL", "SUSE_SU-2022-4518-1.NASL", "SUSE_SU-2022-4520-1.NASL", "SUSE_SU-2022-4527-1.NASL", "SUSE_SU-2022-4528-1.NASL", "SUSE_SU-2022-4533-1.NASL", "SUSE_SU-2022-4534-1.NASL", "SUSE_SU-2022-4543-1.NASL", "SUSE_SU-2022-4544-1.NASL", "SUSE_SU-2022-4545-1.NASL", "SUSE_SU-2022-4550-1.NASL", "SUSE_SU-2022-4551-1.NASL", "SUSE_SU-2022-4559-1.NASL", "SUSE_SU-2022-4561-1.NASL", "SUSE_SU-2022-4562-1.NASL", "SUSE_SU-2022-4569-1.NASL", "SUSE_SU-2022-4577-1.NASL", "SUSE_SU-2022-4580-1.NASL", "SUSE_SU-2022-4587-1.NASL", "SUSE_SU-2022-4595-1.NASL", "SUSE_SU-2022-4611-1.NASL", "SUSE_SU-2022-4615-1.NASL", "SUSE_SU-2022-4617-1.NASL", "UBUNTU_USN-4576-1.NASL", "UBUNTU_USN-4577-1.NASL", "UBUNTU_USN-4578-1.NASL", "UBUNTU_USN-4579-1.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5417-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5594-1.NASL", "UBUNTU_USN-5599-1.NASL", "UBUNTU_USN-5602-1.NASL", "UBUNTU_USN-5616-1.NASL", "UBUNTU_USN-5622-1.NASL", "UBUNTU_USN-5623-1.NASL", "UBUNTU_USN-5630-1.NASL", "UBUNTU_USN-5639-1.NASL", "UBUNTU_USN-5647-1.NASL", "UBUNTU_USN-5654-1.NASL", "UBUNTU_USN-5660-1.NASL", "UBUNTU_USN-5669-1.NASL", "UBUNTU_USN-5669-2.NASL", "UBUNTU_USN-5678-1.NASL", "UBUNTU_USN-5679-1.NASL", "UBUNTU_USN-5684-1.NASL", "UBUNTU_USN-5687-1.NASL", "UBUNTU_USN-5691-1.NASL", "UBUNTU_USN-5692-1.NASL", "UBUNTU_USN-5693-1.NASL", "UBUNTU_USN-5695-1.NASL", "UBUNTU_USN-5700-1.NASL", "UBUNTU_USN-5708-1.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL", "UBUNTU_USN-5752-1.NASL", "UBUNTU_USN-5757-1.NASL", "UBUNTU_USN-5757-2.NASL", "UBUNTU_USN-5758-1.NASL", "UBUNTU_USN-5774-1.NASL", "UBUNTU_USN-5791-1.NASL", "UBUNTU_USN-5791-2.NASL", "UBUNTU_USN-5791-3.NASL", "UBUNTU_USN-5792-1.NASL", "UBUNTU_USN-5792-2.NASL", "UBUNTU_USN-5793-1.NASL", "UBUNTU_USN-5793-2.NASL", "UBUNTU_USN-5793-3.NASL", "UBUNTU_USN-5793-4.NASL", "UBUNTU_USN-5815-1.NASL"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-2022-10-17-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9486", "ELSA-2021-9487", "ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9827", "ELSA-2022-9828", "ELSA-2022-9829", "ELSA-2022-9830", "ELSA-2022-9852", "ELSA-2022-9969", "ELSA-2022-9996", "ELSA-2022-9997"]}, {"type": "osv", "idList": ["OSV:CVE-2022-41674", "OSV:CVE-2022-42719", "OSV:CVE-2022-42720", "OSV:CVE-2022-42721", "OSV:DLA-2785-1", "OSV:DLA-2843-1", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3173-1", "OSV:DLA-3244-1", "OSV:DLA-3245-1", "OSV:DSA-4978-1", "OSV:DSA-5173-1", "OSV:DSA-5207-1", "OSV:DSA-5257-1", "OSV:DSA-5257-2", "OSV:DSA-5324-1"]}, {"type": "photon", "idList": ["PHSA-2020-0152", "PHSA-2020-0290", "PHSA-2020-0333", "PHSA-2020-1.0-0333", "PHSA-2020-2.0-0290", "PHSA-2020-3.0-0152", "PHSA-2021-0126", "PHSA-2021-4.0-0126", "PHSA-2022-0226", "PHSA-2022-0271", "PHSA-2022-0275", "PHSA-2022-0393", "PHSA-2022-0433", "PHSA-2022-0506"]}, {"type": "redhat", "idList": ["RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:9040"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-16119", "RH:CVE-2022-2586", "RH:CVE-2022-32296", "RH:CVE-2022-3239", "RH:CVE-2022-3303", "RH:CVE-2022-41218", "RH:CVE-2022-41222", "RH:CVE-2022-41674", "RH:CVE-2022-41848", "RH:CVE-2022-41849", "RH:CVE-2022-42719", "RH:CVE-2022-42720", "RH:CVE-2022-42721"]}, {"type": "rocky", "idList": ["RLSA-2022:7444", "RLSA-2022:7683"]}, {"type": "slackware", "idList": ["SSA-2022-237-02", "SSA-2022-333-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2177-1", "SUSE-SU-2022:2078-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:3585-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3693-1", "SUSE-SU-2022:3775-1", "SUSE-SU-2022:3809-1", "SUSE-SU-2022:3844-1", "SUSE-SU-2022:3897-1"]}, {"type": "ubuntu", "idList": ["LSN-0072-1", "LSN-0089-1", "LSN-0090-1", "USN-4576-1", "USN-4577-1", "USN-4578-1", "USN-4579-1", "USN-4580-1", "USN-5415-1", "USN-5417-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5582-1", "USN-5594-1", "USN-5599-1", "USN-5602-1", "USN-5616-1", "USN-5622-1", "USN-5623-1", "USN-5630-1", "USN-5639-1", "USN-5647-1", "USN-5654-1", "USN-5660-1", "USN-5669-1", "USN-5669-2", "USN-5678-1", "USN-5679-1", "USN-5684-1", "USN-5687-1", "USN-5691-1", "USN-5692-1", "USN-5693-1", "USN-5695-1", "USN-5700-1", "USN-5708-1", "USN-5728-1", "USN-5728-2", "USN-5728-3", "USN-5752-1", "USN-5757-1", "USN-5757-2", "USN-5758-1", "USN-5774-1", "USN-5791-1", "USN-5791-2", "USN-5791-3", "USN-5792-1", "USN-5792-2", "USN-5793-1", "USN-5793-2", "USN-5793-3", "USN-5793-4", "USN-5815-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16119", "UB:CVE-2022-20008", "UB:CVE-2022-2503", "UB:CVE-2022-2586", "UB:CVE-2022-32296", "UB:CVE-2022-3239", "UB:CVE-2022-3303", "UB:CVE-2022-41218", "UB:CVE-2022-41222", "UB:CVE-2022-41674", "UB:CVE-2022-41848", "UB:CVE-2022-41849", "UB:CVE-2022-42719", "UB:CVE-2022-42720", "UB:CVE-2022-42721"]}, {"type": "veracode", "idList": ["VERACODE:37094", "VERACODE:37272", "VERACODE:37597", "VERACODE:37602", "VERACODE:37603", "VERACODE:37604", "VERACODE:38101", "VERACODE:38359"]}, {"type": "zdi", "idList": ["ZDI-22-1118"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "vulnersScore": 0.3}, "_state": {"dependencies": 1675860570, "score": 1675860592}, "_internal": {"score_hash": "8b9a38c23769ccbe9510f98999a251a6"}, "pluginID": "166446", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3704-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166446);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2020-16119\",\n \"CVE-2022-2503\",\n \"CVE-2022-2586\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20008\",\n \"CVE-2022-32296\",\n \"CVE-2022-41218\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-41848\",\n \"CVE-2022-41849\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3704-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3704-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3704-1 advisory.\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP\n socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux\n kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204060\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012636.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2c30b1e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16119\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_134-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150200.24.134-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_134-default-1-150200.5.3.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_134-default:*:*:*:*:*:*:*"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-16119", "vendor_cvss2": {"score": 4.6, "vector": "CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-10-24T00:00:00", "vulnerabilityPublicationDate": "2020-10-15T00:00:00", "exploitableWith": []}

{"suse": [{"lastseen": "2022-10-26T14:51:51", "description": "An update that solves 17 vulnerabilities, contains one\n feature and has 29 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated.\n\n The following security bugs were fixed:\n\n - CVE-2022-40768: Fixed information leak in the scsi driver which allowed\n local users to obtain sensitive information from kernel memory.\n (bnc#1203514)\n - CVE-2022-3169: Fixed a denial of service flaw which occurs when\n consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET\n are sent. (bnc#1203290)\n - CVE-2022-42722: Fixed crash in beacon protection for P2P-device.\n (bsc#1204125)\n - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)\n - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)\n - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)\n - CVE-2022-3303: Fixed a race condition in the sound subsystem due to\n improper locking (bnc#1203769).\n - CVE-2022-41218: Fixed an use-after-free caused by refcount races in\n drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that\n could lead a local user to able to crash the system or escalate their\n privileges (bnc#1203552).\n - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a PCMCIA device while calling\n ioctl (bnc#1203987).\n - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a USB device while calling open\n (bnc#1203992).\n - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the\n reception of specific WiFi Frames (bsc#1203770).\n - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft\n table is deleted (bnc#1202095).\n - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap\n lock is not held during a PUD move (bnc#1203622).\n - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads\n allowed users with root privileges to switch out the target with an\n equivalent dm-linear target and bypass verification till reboot. This\n allowed root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel\n execution and persistence for peripherals that do not verify firmware\n updates (bnc#1202677).\n - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due\n to uninitialized data. This could lead to local information disclosure\n if reading from an SD card that triggers errors, with no additional\n execution privileges needed. (bnc#1199564)\n - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a\n local attacker due to reuse of a DCCP socket. (bnc#1177471)\n\n The following non-security bugs were fixed:\n\n - ALSA: aloop: Fix random zeros in capture data when using jiffies timer\n (git-fixes).\n - ALSA: emu10k1: Fix out of bounds access in\n snd_emu10k1_pcm_channel_alloc() (git-fixes).\n - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).\n - ALSA: seq: Fix data-race at module auto-loading (git-fixes).\n - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).\n - ALSA: usb-audio: Fix an out-of-bounds bug in\n __snd_usb_parse_audio_interface() (git-fixes).\n - ALSA: usb-audio: fix spelling mistakes (git-fixes).\n - ALSA: usb-audio: Inform the delayed registration more properly\n (git-fixes).\n - ALSA: usb-audio: Register card again for iface over delayed_register\n option (git-fixes).\n - ALSA: usb-audio: Split endpoint setups for hw_params and prepare\n (git-fixes).\n - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1\n (git-fixes)\n - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)\n - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to\n (bsc#1202341)\n - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id\n (git-fixes)\n - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)\n - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma\n (git-fixes)\n - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)\n - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)\n - arm64: kexec_file: use more system keyrings to verify kernel image\n signature (bsc#1196444).\n - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)\n - arm64: mm: fix p?d_leaf() (git-fixes)\n - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds\n (git-fixes)\n - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)\n - arm64: tegra: Remove non existent Tegra194 reset (git-fixes)\n - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)\n - arm64/mm: Validate hotplug range before creating linear mapping\n (git-fixes)\n - bpf: Compile out btf_parse_module() if module BTF is not enabled\n (git-fixes).\n - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n (bsc#1203906).\n - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)\n - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)\n - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).\n - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).\n - drm/gem: Fix GEM handle release errors (git-fixes).\n - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).\n - drm/meson: Correct OSD1 global alpha value (git-fixes).\n - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).\n - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).\n - drm/radeon: add a force flush to delay work when radeon (git-fixes).\n - dtb: Do not include sources in src.rpm - refer to kernel-source Same as\n other kernel binary packages there is no need to carry duplicate sources\n in dtb packages.\n - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).\n - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()\n (git-fixes).\n - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).\n - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace\n is dead (git-fixes).\n - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx\n (git-fixes).\n - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message\n (git-fixes).\n - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).\n - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).\n - ima: force signature verification when CONFIG_KEXEC_SIG is configured\n (bsc#1203737).\n - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).\n - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).\n - JFS: fix GPF in diFree (bsc#1203389).\n - JFS: fix memleak in jfs_mount (git-fixes).\n - JFS: more checks for invalid superblock (git-fixes).\n - JFS: prevent NULL deref in diFree (bsc#1203389).\n - kABI: x86: kexec: hide new include from genksyms (bsc#1196444).\n - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).\n - kexec: do not verify the signature without the lockdown or mandatory\n signature (bsc#1203737).\n - kexec: drop weak attribute from arch_kexec_apply_relocations[_add]\n (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).\n - kexec: KEYS: s390: Make use of built-in and secondary keyring for\n signature verification (bsc#1196444).\n - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value\n (git-fixes).\n - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks\n (git-fixes).\n - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical\n #GP (git-fixes).\n - md-raid10: fix KASAN warning (git-fixes).\n - md: call __md_stop_writes in md_stop (git-fixes).\n - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).\n - mm: pagewalk: Fix race between unmap and page walker (git-fixes,\n bsc#1203159).\n - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock\n (bsc#1201990).\n - mm: smaps*: extend smap_gather_stats to support specified beginning\n (bsc#1201990).\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).\n - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).\n - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).\n - NFS: Fix races in the legacy idmapper upcall (git-fixes).\n - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).\n - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n - NFSD: Fix offset type in I/O trace points (git-fixes).\n - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).\n - nvme-rdma: Handle number of queue changes (bsc#1201865).\n - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).\n - nvme-tcp: Handle number of queue changes (bsc#1201865).\n - nvmet: Expose max queues to configfs (bsc#1201865).\n - of: device: Fix up of_dma_configure_id() stub (git-fixes).\n - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).\n - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).\n - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap\n fixes (git-fixes).\n - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).\n - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).\n - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n - psi: Fix uaf issue when psi trigger is destroyed while being polled\n (bsc#1203909).\n - regulator: core: Clean up on enable failure (git-fixes).\n - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).\n - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984\n LTC#199607).\n - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).\n - s390/qeth: improve selection of ethtool link modes (bsc#1202984\n LTC#199607).\n - s390/qeth: set static link info during initialization (bsc#1202984\n LTC#199607).\n - s390/qeth: tolerate error when querying card info (bsc#1202984\n LTC#199607).\n - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).\n - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid\n (git-fixes).\n - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).\n - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID\n cases (bsc#1203939).\n - scsi: lpfc: Add reporting capability for Link Degrade Signaling\n (bsc#1203939).\n - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).\n - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload\n (bsc#1203939).\n - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same\n NPort ID (bsc#1203939).\n - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).\n - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).\n - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed\n phba (bsc#1185032 bsc#1203939).\n - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).\n - scsi: lpfc: Remove unneeded result variable (bsc#1203939).\n - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd\n (bsc#1203939).\n - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE\n (bsc#1203939).\n - scsi: lpfc: Rework FDMI attribute registration for unintential padding\n (bsc#1203939).\n - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency\n (bsc#1203939).\n - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager\n application (bsc#1203939).\n - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).\n - scsi: mpt3sas: Fix use-after-free warning (git-fixes).\n - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status\n (bsc#1203935).\n - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()\n (bsc#1203935).\n - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX\n (bsc#1203935).\n - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1203935).\n - scsi: qla2xxx: Log message \"skipping scsi_scan_host()\" as informational\n (bsc#1203935).\n - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n - scsi: qla2xxx: Revert \"scsi: qla2xxx: Fix response queue handler reading\n stale packets\" (bsc#1203935).\n - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n - scsi: sg: Allow waiting for commands to complete on removed device\n (git-fixes).\n - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).\n - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).\n - scsi: smartpqi: Update LUN reset handler (bsc#1200622).\n - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n (git-fixes).\n - squashfs: fix divide error in calculate_skip() (git-fixes).\n - struct ehci_hcd: hide new member (git-fixes).\n - struct otg_fsm: hide new boolean member in gap (git-fixes).\n - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).\n - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).\n - SUNRPC: fix expiry of auth creds (git-fixes).\n - SUNRPC: Fix misplaced barrier in call_decode (git-fixes).\n - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).\n - SUNRPC: Reinitialise the backchannel request buffers before reuse\n (git-fixes).\n - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).\n - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).\n - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).\n - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n - USB: core: Fix RST error in hub.c (git-fixes).\n - USB: core: Prevent nested device-reset calls (git-fixes).\n - USB: dwc3: disable USB core PHY management (git-fixes).\n - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).\n - USB: otg-fsm: Fix hrtimer list corruption (git-fixes).\n - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).\n - USB: serial: ch341: fix lost character on LCR updates (git-fixes).\n - USB: serial: ch341: name prescaler, divisor registers (git-fixes).\n - USB: serial: cp210x: add Decagon UCA device id (git-fixes).\n - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).\n - USB: serial: option: add Quectel EM060K modem (git-fixes).\n - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode\n (git-fixes).\n - USB: serial: option: add support for OPPO R11 diag port (git-fixes).\n - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).\n - USB: struct usb_device: hide new member (git-fixes).\n - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).\n - vt: Clear selection before changing the font (git-fixes).\n - vt: selection, introduce vc_is_sel (git-fixes).\n - watchdog: wdat_wdt: Set the min and max timeout values properly\n (bsc#1194023).\n - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - x86/bugs: Reenable retbleed=off While for older kernels the return\n thunks are statically built in and cannot be dynamically patched out,\n retbleed=off should still work so that it can be disabled.\n - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).\n - x86/xen: Remove undefined behavior in setup_features() (git-fixes).\n - xen/xenbus: fix return type in xenbus_file_read() (git-fixes).\n - xprtrdma: Fix cwnd update ordering (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3775=1\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3775=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-3775=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3775=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3775=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3775=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3775=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3775=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3775=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3775=1\n\n - SUSE Linux Enterprise High Availability 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3775=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-26T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16119", "CVE-2022-20008", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-3169", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-40768", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2022-10-26T00:00:00", "id": "SUSE-SU-2022:3775-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HLPGCPR4O2V7EYHKOSHXQ4PHA6XWPHAI/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-22T16:31:15", "description": "An update that solves 7 vulnerabilities, contains one\n feature and has one errata is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-20008: Fixed local information disclosure due to possibility to\n read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).\n - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin\n and load untrusted and unverified kernel modules and firmware\n (bnc#1202677).\n - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to\n identify clients by observing what source ports are used (bnc#1200288).\n - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that\n could lead a local user to able to crash the system or escalate their\n privileges (bnc#1203552).\n - CVE-2022-3303: Fixed a race condition in the sound subsystem due to\n improper locking (bnc#1203769).\n - CVE-2022-41218: Fixed an use-after-free caused by refcount races in\n drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n - CVE-2022-41848: Fixed a race condition in\n drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach\n (bnc#1203987).\n\n The following non-security bugs were fixed:\n\n - dtb: Do not include sources in src.rpm - refer to kernel-source Same as\n other kernel binary packages there is no need to carry duplicate sources\n in dtb packages.\n - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with\n @SOURCES@, just include the content there.\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529).\n - x86/bugs: Reenable retbleed=off While for older kernels the return\n thunks are statically built in and cannot be dynamically patched out,\n retbleed=off should still be possible to do so that the mitigation can\n still be disabled on Intel who do not use the return thunks but IBRS.\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3693=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-3693=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3693=1\n\n - SUSE Linux Enterprise Server 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3693=1\n\n - SUSE Linux Enterprise Server 15-SP1-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3693=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP1:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3693=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3693=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3693=1\n\n - SUSE Linux Enterprise High Availability 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3693=1\n\n - SUSE Enterprise Storage 6:\n\n zypper in -t patch SUSE-Storage-6-2022-3693=1\n\n - SUSE CaaS Platform 4.0:\n\n To install this update, use the SUSE CaaS Platform 'skuba' tool. It\n will inform you if it detects new updates and let you then trigger\n updating of the complete cluster in a controlled way.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-22T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20008", "CVE-2022-2503", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2022-10-22T00:00:00", "id": "SUSE-SU-2022:3693-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3MMDP5ZSVVF6LCNF4NCLDIUM3UQNRN7M/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-10T08:09:12", "description": "An update that solves 15 vulnerabilities, contains 12\n features and has 33 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP4 kernel was updated.\n\n The following security bugs were fixed:\n\n - CVE-2022-3303: Fixed a race condition in the sound subsystem due to\n improper locking (bnc#1203769).\n - CVE-2022-41218: Fixed an use-after-free caused by refcount races in\n drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that\n could lead a local user to able to crash the system or escalate their\n privileges (bnc#1203552).\n - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a PCMCIA device while calling\n ioctl (bnc#1203987).\n - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a USB device while calling open\n (bnc#1203992).\n - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the\n reception of specific WiFi Frames (bsc#1203770).\n - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM\n when releasing a vCPU with dirty ring support enabled. This flaw allowed\n an unprivileged local attacker on the host to issue specific ioctl\n calls, causing a kernel oops condition that results in a denial of\n service (bnc#1198189).\n - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify\n clients by observing what source ports are used (bnc#1200288).\n - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File\n System. This could allow a local attacker to crash the system or leak\n kernel internal information (bnc#1203389).\n - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows\n unprivileged guest users to compromise the guest kernel because TLB\n flush operations are mishandled (bnc#1203066).\n - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft\n table is deleted (bnc#1202095).\n - CVE-2022-42722: Fixed crash in beacon protection for P2P-device.\n (bsc#1204125)\n - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)\n - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)\n - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)\n\n The following non-security bugs were fixed:\n\n - ACPI / scan: Create platform device for CS35L41 (bsc#1203699).\n - ACPI: processor idle: Practically limit \"Dummy wait\" workaround to old\n Intel systems (bsc#1203767).\n - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).\n - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).\n - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).\n - ALSA: aloop: Fix random zeros in capture data when using jiffies timer\n (git-fixes).\n - ALSA: core: Fix double-free at snd_card_new() (git-fixes).\n - ALSA: cs35l41: Check hw_config before using it (bsc#1203699).\n - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).\n - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).\n - ALSA: cs35l41: Unify hardware configuration (bsc#1203699).\n - ALSA: emu10k1: Fix out of bounds access in\n snd_emu10k1_pcm_channel_alloc() (git-fixes).\n - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).\n - ALSA: hda: cs35l41: Add Amp Name based on channel and index\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).\n - ALSA: hda: cs35l41: Add calls to newly added test key function\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add initial DSP support and firmware loading\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).\n - ALSA: hda: cs35l41: Add module parameter to control firmware load\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).\n - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).\n - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations\n (bsc#1203699).\n - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).\n - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).\n - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties\n (bsc#1203699).\n - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41\n (bsc#1203699).\n - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).\n - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).\n - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops\n (bsc#1203699).\n - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference\n (bsc#1203699).\n - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).\n - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name\n (bsc#1203699).\n - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).\n - ALSA: hda: cs35l41: Handle all external boost setups the same way\n (bsc#1203699).\n - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).\n - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).\n - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move boost config to initialization code\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use\n (bsc#1203699).\n - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).\n - ALSA: hda: cs35l41: Put the device into safe mode for external boost\n (bsc#1203699).\n - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables\n (bsc#1203699).\n - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).\n - ALSA: hda: cs35l41: Remove Set Channel Map api from binding\n (bsc#1203699).\n - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).\n - ALSA: hda: cs35l41: Save codec object inside component struct\n (bsc#1203699).\n - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver\n (bsc#1203699).\n - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).\n - ALSA: hda: cs35l41: Support Firmware switching and reloading\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).\n - ALSA: hda: cs35l41: Support multiple load paths for firmware\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).\n - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).\n - ALSA: hda: cs35l41: Tidyup code (bsc#1203699).\n - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).\n - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).\n - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).\n - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount\n saturation (git-fixes).\n - ALSA: hda: Fix Nvidia dp infoframe (git-fixes).\n - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly\n (bsc#1203699).\n - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).\n - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls\n (bsc#1203699).\n - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).\n - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).\n - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).\n - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).\n - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static\n (bsc#1203699).\n - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).\n - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants\n (bsc#1203699).\n - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration\n (bsc#1203699).\n - ALSA: hda/cs8409: Re-order quirk table into ascending order\n (bsc#1203699).\n - ALSA: hda/cs8409: Support manual mode detection for CS42L42\n (bsc#1203699).\n - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).\n - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).\n - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).\n - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver\n (bsc#1203699).\n - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED\n (git-fixes).\n - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9\n (bsc#1203699).\n - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).\n - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).\n - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).\n - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model\n (bsc#1203699).\n - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).\n - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).\n - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41\n (bsc#1203699).\n - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).\n - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).\n - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop\n (git-fixes).\n - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop\n (git-fixes).\n - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on\n EliteBook 845/865 G9 (bsc#1203699).\n - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).\n - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec\n (bsc#1203699).\n - ALSA: hda/realtek: More robust component matching for CS35L41\n (bsc#1203699).\n - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).\n - ALSA: hda/sigmatel: Fix unused variable warning for beep power change\n (git-fixes).\n - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).\n - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).\n - ALSA: hda/tegra: set depop delay for tegra (git-fixes).\n - ALSA: hda/tegra: Update scratch reg. communication (git-fixes).\n - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).\n - ALSA: usb-audio: Fix an out-of-bounds bug in\n __snd_usb_parse_audio_interface() (git-fixes).\n - ALSA: usb-audio: Inform the delayed registration more properly\n (git-fixes).\n - ALSA: usb-audio: Register card again for iface over delayed_register\n option (git-fixes).\n - ALSA: usb-audio: Split endpoint setups for hw_params and prepare\n (git-fixes).\n - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).\n - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).\n - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).\n - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).\n - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).\n - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).\n - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma\n (git-fixes).\n - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).\n - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)\n Enable this errata fix configuration option to arm64/default.\n - arm64: kexec_file: use more system keyrings to verify kernel image\n signature (bsc#1196444).\n - arm64: lib: Import latest version of Arm Optimized Routines' strcmp\n (git-fixes)\n - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)\n - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).\n - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).\n - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).\n - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).\n - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).\n - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver\n (bsc#1203699).\n - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).\n - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).\n - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).\n - ASoC: cs35l41: Add support for hibernate memory retention mode\n (bsc#1203699).\n - ASoC: cs35l41: Binding fixes (bsc#1203699).\n - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).\n - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).\n - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).\n - ASoC: cs35l41: Correct DSP power down (bsc#1203699).\n - ASoC: cs35l41: Correct handling of some registers in the cache\n (bsc#1203699).\n - ASoC: cs35l41: Correct some control names (bsc#1203699).\n - ASoC: cs35l41: Create shared function for boost configuration\n (bsc#1203699).\n - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).\n - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).\n - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).\n - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).\n - ASoC: cs35l41: Do not print error when waking from hibernation\n (bsc#1203699).\n - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).\n - ASoC: cs35l41: DSP Support (bsc#1203699).\n - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues\n (bsc#1203699).\n - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN\n (bsc#1203699).\n - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t\n (bsc#1203699).\n - ASoC: cs35l41: Fix DSP mbox start command and global enable order\n (bsc#1203699).\n - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).\n - ASoC: cs35l41: Fix link problem (bsc#1203699).\n - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).\n - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).\n - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).\n - ASoC: cs35l41: Fixup the error messages (bsc#1203699).\n - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).\n - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code\n (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code\n (bsc#1203699).\n - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).\n - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware\n (bsc#1203699).\n - ASoC: cs35l41: Remove incorrect comment (bsc#1203699).\n - ASoC: cs35l41: Remove unnecessary param (bsc#1203699).\n - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).\n - ASoC: cs35l41: Support external boost (bsc#1203699).\n - ASoC: cs35l41: Update handling of test key registers (bsc#1203699).\n - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot\n (bsc#1203699).\n - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).\n - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START\n (bsc#1203699).\n - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable\n (bsc#1203699).\n - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts\n (bsc#1203699).\n - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling\n (bsc#1203699).\n - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).\n - ASoC: cs42l42: Do not reconfigure the PLL while it is running\n (bsc#1203699).\n - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt\n (bsc#1203699).\n - ASoC: cs42l42: free_irq() before powering-down on probe() fail\n (bsc#1203699).\n - ASoC: cs42l42: Handle system suspend (bsc#1203699).\n - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).\n - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).\n - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script\n (bsc#1203699).\n - ASoC: cs42l42: Move CS42L42 register descriptions to general include\n (bsc#1203699).\n - ASoC: cs42l42: Only report button state if there was a button interrupt\n (git-fixes).\n - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler\n (bsc#1203699).\n - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).\n - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).\n - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks\n (bsc#1203699).\n - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks\n (bsc#1203699).\n - ASoC: cs42l42: Report full jack status when plug is detected\n (bsc#1203699).\n - ASoC: cs42l42: Report initial jack state (bsc#1203699).\n - ASoC: cs42l42: Reset and power-down on remove() and failed probe()\n (bsc#1203699).\n - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).\n - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).\n - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).\n - ASoC: cs42l42: Use two thresholds and increased wait time for manual\n type detection (bsc#1203699).\n - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).\n - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).\n - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).\n - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).\n - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).\n - ASoC: qcom: sm8250: add missing module owner (git-fixes).\n - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).\n - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).\n - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).\n - ASoC: tas2770: Reinit regcache on reset (git-fixes).\n - ASoC: wm_adsp: Add support for \"toggle\" preloaders (bsc#1203699).\n - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).\n - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).\n - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed\n (bsc#1203699).\n - ASoC: wm_adsp: Correct control read size when parsing compressed buffer\n (bsc#1203699).\n - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).\n - ASoC: wm_adsp: Fix event for preloader (bsc#1203699).\n - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).\n - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).\n - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).\n - ASoC: wm_adsp: Move check for control existence (bsc#1203699).\n - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).\n - ASoC: wm_adsp: move firmware loading to client (bsc#1203699).\n - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).\n - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core\n (bsc#1203699).\n - ASoC: wm_adsp: remove a repeated including (bsc#1203699).\n - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).\n - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).\n - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).\n - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).\n - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).\n - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).\n - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops\n (bsc#1203699).\n - ASoC: wm_adsp: Split DSP power operations into helper functions\n (bsc#1203699).\n - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).\n - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers\n (bsc#1203699).\n - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'\n (bsc#1203699).\n - batman-adv: Fix hang up with small MTU hard-interface (git-fixes).\n - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend\n (git-fixes).\n - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure\n (git-fixes).\n - Bluetooth: hci_core: Fix not handling link timeouts propertly\n (git-fixes).\n - bnx2x: fix built-in kernel driver load failure (git-fixes).\n - bnx2x: fix driver load from initrd (git-fixes).\n - btrfs: fix relocation crash due to premature return from\n btrfs_commit_transaction() (bsc#1203360).\n - btrfs: fix space cache corruption and potential double allocations\n (bsc#1203361).\n - can: gs_usb: gs_can_open(): fix race dev->can.state condition\n (git-fixes).\n - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).\n - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n (bsc#1196869).\n - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n (bsc#1203906).\n - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).\n - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).\n - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).\n - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()\n (git-fixes).\n - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks\n (git-fixes).\n - clk: ingenic-tcu: Properly enable registers before accessing timers\n (git-fixes).\n - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).\n - constraints: increase disk space for all architectures References:\n bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show\n that it is very close to the limit.\n - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)\n - cs-dsp and serial-multi-instantiate enablement (bsc#1203699)\n - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).\n - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).\n - dmaengine: idxd: change MSIX allocation based on per wq activation\n (jsc#PED-664).\n - dmaengine: idxd: create locked version of idxd_quiesce() call\n (jsc#PED-682).\n - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).\n - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).\n - dmaengine: idxd: fix retry value to be constant for duration of function\n call (git-fixes).\n - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).\n - dmaengine: idxd: handle invalid interrupt handle descriptors\n (jsc#PED-682).\n - dmaengine: idxd: int handle management refactoring (jsc#PED-682).\n - dmaengine: idxd: match type for retries var in idxd_enqcmds()\n (git-fixes).\n - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).\n - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).\n - dmaengine: idxd: set defaults for wq configs (jsc#PED-688).\n - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).\n - dmaengine: ti: k3-udma-private: Fix refcount leak bug in\n of_xudma_dev_get() (git-fixes).\n - docs: i2c: i2c-topology: fix incorrect heading (git-fixes).\n - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).\n - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).\n - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).\n - drm/amd/display: Limit user regamma to a valid value (git-fixes).\n - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack\n usage (git-fixes).\n - drm/amd/display: Reduce number of arguments of dml31's\n CalculateFlipSchedule() (git-fixes).\n - drm/amd/display: Reduce number of arguments of dml31's\n CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).\n - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid\n cards (git-fixes).\n - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).\n - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).\n - drm/amdgpu: make sure to init common IP before gmc (git-fixes).\n - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).\n - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega\n (git-fixes).\n - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega\n (git-fixes).\n - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device\n to psp_hw_fini (git-fixes).\n - drm/amdgpu: Separate vf2pf work item init from virt data exchange\n (git-fixes).\n - drm/amdgpu: use dirty framebuffer helper (git-fixes).\n - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).\n - drm/bridge: lt8912b: add vsync hsync (git-fixes).\n - drm/bridge: lt8912b: fix corrupted image output (git-fixes).\n - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).\n - drm/gem: Fix GEM handle release errors (git-fixes).\n - drm/gma500: Fix BUG: sleeping function called from invalid context\n errors (git-fixes).\n - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).\n - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).\n - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).\n - drm/i915/gt: Restrict forced preemption to the active context\n (git-fixes).\n - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks\n (git-fixes).\n - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()\n (git-fixes).\n - drm/meson: Correct OSD1 global alpha value (git-fixes).\n - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).\n - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).\n - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).\n - drm/panfrost: devfreq: set opp to the recommended one to configure\n regulator (git-fixes).\n - drm/radeon: add a force flush to delay work when radeon (git-fixes).\n - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).\n - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).\n - dt-bindings: hwmon: (mr75203) fix \"intel,vm-map\" property to be optional\n (git-fixes).\n - EDAC/dmc520: Do not print an error for each unconfigured interrupt line\n (bsc#1190497).\n - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).\n - efi: libstub: Disable struct randomization (git-fixes).\n - eth: alx: take rtnl_lock on resume (git-fixes).\n - eth: sun: cassini: remove dead code (git-fixes).\n - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)\n Backporting changes: \t* context fixes in other patch \t* update config\n - fbcon: Fix accelerated fbdev scrolling while logo is still shown\n (bsc#1152472)\n - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()\n (git-fixes).\n - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).\n - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).\n - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic\n DSPs (bsc#1203699).\n - firmware: cs_dsp: Add lockdep asserts to interface functions\n (bsc#1203699).\n - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).\n - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).\n - firmware: cs_dsp: Add pre_run callback (bsc#1203699).\n - firmware: cs_dsp: Add pre_stop callback (bsc#1203699).\n - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).\n - firmware: cs_dsp: Add version checks on coefficient loading\n (bsc#1203699).\n - firmware: cs_dsp: Allow creation of event controls (bsc#1203699).\n - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).\n - firmware: cs_dsp: Clear core reset for cache (bsc#1203699).\n - firmware: cs_dsp: Fix overrun of unterminated control name string\n (bsc#1203699).\n - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer\n (bsc#1203699).\n - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl\n (bsc#1203699).\n - firmware: cs_dsp: Print messages from bin files (bsc#1203699).\n - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).\n - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace\n is dead (git-fixes).\n - fuse: Remove the control interface for virtio-fs (bsc#1203798).\n - gpio: mockup: fix NULL pointer dereference when removing debugfs\n (git-fixes).\n - gpio: mockup: remove gpio debugfs when remove device (git-fixes).\n - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx\n (git-fixes).\n - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).\n - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully\n (git-fixes).\n - gve: Fix GFP flags when allocing pages (git-fixes).\n - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message\n (git-fixes).\n - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).\n - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).\n - hwmon: (mr75203) enable polling for all VM channels (git-fixes).\n - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).\n - hwmon: (mr75203) fix VM sensor allocation when \"intel,vm-map\" not\n defined (git-fixes).\n - hwmon: (mr75203) fix voltage equation for negative source input\n (git-fixes).\n - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of\n used sensors (git-fixes).\n - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888\n controller (git-fixes).\n - hwmon: (tps23861) fix byte order in resistance register (git-fixes).\n - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).\n - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible\n (git-fixes).\n - i2c: mlxbf: Fix frequency calculation (git-fixes).\n - i2c: mlxbf: incorrect base address passed during io write (git-fixes).\n - i2c: mlxbf: prevent stack overflow in\n mlxbf_i2c_smbus_start_transaction() (git-fixes).\n - i2c: mlxbf: support lock mechanism (git-fixes).\n - ice: Allow operation with reduced device MSI-X (bsc#1201987).\n - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).\n - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).\n - ice: fix crash when writing timestamp on RX rings (git-fixes).\n - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).\n - ice: fix possible under reporting of ethtool Tx and Rx statistics\n (git-fixes).\n - ice: Fix race during aux device (un)plugging (git-fixes).\n - ice: Match on all profiles in slow-path (git-fixes).\n - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).\n - igb: skip phy status check where unavailable (git-fixes).\n - Input: goodix - add compatible string for GT1158 (git-fixes).\n - Input: goodix - add support for GT1158 (git-fixes).\n - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).\n - Input: iqs62x-keys - drop unused device node references (git-fixes).\n - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).\n - kABI workaround for spi changes (bsc#1203699).\n - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).\n - kABI: fix adding another field to scsi_device (bsc#1203039).\n - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).\n - kbuild: disable header exports for UML in a straightforward way\n (git-fixes).\n - kexec, KEYS, s390: Make use of built-in and secondary keyring for\n signature verification (bsc#1196444).\n - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).\n - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - KVM: SVM: Create a separate mapping for the GHCB save area\n (jsc#SLE-19924, jsc#SLE-24814).\n - KVM: SVM: Create a separate mapping for the SEV-ES save area\n (jsc#SLE-19924, jsc#SLE-24814).\n - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924,\n jsc#SLE-24814).\n - KVM: SVM: fix tsc scaling cache logic (bsc#1203263).\n - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924,\n jsc#SLE-24814).\n - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).\n - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4\n (git-fixes).\n - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()\n (git-fixes).\n - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall\n (git-fixes).\n - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205\n (git-fixes).\n - lockd: detect and reject lock arguments that overflow (git-fixes).\n - md-raid10: fix KASAN warning (git-fixes).\n - md: call __md_stop_writes in md_stop (git-fixes).\n - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).\n - media: aspeed: Fix an error handling path in aspeed_video_probe()\n (git-fixes).\n - media: coda: Add more H264 levels for CODA960 (git-fixes).\n - media: coda: Fix reported H264 profile (git-fixes).\n - media: dvb_vb2: fix possible out of bound access (git-fixes).\n - media: exynos4-is: Change clk_disable to clk_disable_unprepare\n (git-fixes).\n - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe\n (git-fixes).\n - media: flexcop-usb: fix endpoint type check (git-fixes).\n - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).\n - media: imx-jpeg: Correct some definition according specification\n (git-fixes).\n - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).\n - media: imx-jpeg: Fix potential array out of bounds in queue_setup\n (git-fixes).\n - media: imx-jpeg: Leave a blank space before the configuration data\n (git-fixes).\n - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).\n - media: mceusb: Use new usb_control_msg_*() routines (git-fixes).\n - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.\n - media: rkvdec: Disable H.264 error detection (git-fixes).\n - media: st-delta: Fix PM disable depth imbalance in delta_probe\n (git-fixes).\n - media: vsp1: Fix offset calculation for plane cropping.\n - misc: cs35l41: Remove unused pdn variable (bsc#1203699).\n - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).\n - mlxsw: i2c: Fix initialization error flow (git-fixes).\n - mm: Fix PASID use-after-free issue (bsc#1203908).\n - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch\n failure (git-fixes).\n - mmc: hsq: Fix data stomping during mmc recovery (git-fixes).\n - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).\n - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv\n (git-fixes).\n - net: axienet: fix RX ring refill allocation failure handling (git-fixes).\n - net: axienet: reset core on initialization prior to MDIO access\n (git-fixes).\n - net: bcmgenet: hide status block before TX timestamping (git-fixes).\n - net: bcmgenet: Revert \"Use stronger register read/writes to assure\n ordering\" (git-fixes).\n - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).\n - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator\n (git-fixes).\n - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).\n - net: dsa: felix: fix tagging protocol changes with multiple CPU ports\n (git-fixes).\n - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).\n - net: dsa: introduce helpers for iterating through ports using dp\n (git-fixes).\n - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).\n - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).\n - net: dsa: microchip: fix bridging with more than two member ports\n (git-fixes).\n - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).\n - net: dsa: mt7530: add missing of_node_put() in mt7530_setup()\n (git-fixes).\n - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr\n (git-fixes).\n - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register\n (git-fixes).\n - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).\n - net: emaclite: Add error handling for of_address_to_resource()\n (git-fixes).\n - net: enetc: Use pci_release_region() to release some resources\n (git-fixes).\n - net: ethernet: mediatek: ppe: fix wrong size passed to memset()\n (git-fixes).\n - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()\n (git-fixes).\n - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link\n (git-fixes).\n - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).\n - net: fec: add missing of_node_put() in fec_enet_init_stop_mode()\n (git-fixes).\n - net: ftgmac100: access hardware register after clock ready (git-fixes).\n - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).\n - net: hns3: fix the concurrency between functions reading debugfs\n (git-fixes).\n - net: ipa: get rid of a duplicate initialization (git-fixes).\n - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).\n - net: ipa: record proper RX transaction count (git-fixes).\n - net: macb: Fix PTP one step sync support (git-fixes).\n - net: macb: Increment rx bd head after allocating skb and buffer\n (git-fixes).\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).\n - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).\n - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller\n (git-fixes).\n - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP\n filters (git-fixes).\n - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP\n over IP (git-fixes).\n - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).\n - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware\n when deleted (git-fixes).\n - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set()\n (git-fixes).\n - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups\n (git-fixes).\n - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0\n (git-fixes).\n - net: phy: aquantia: wait for the suspend/resume operations to finish\n (git-fixes).\n - net: phy: at803x: move page selection fix to config_init (git-fixes).\n - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume()\n (git-fixes).\n - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).\n - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).\n - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management\n (git-fixes).\n - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume\n (git-fixes).\n - net: stmmac: dwmac-sun8i: add missing of_node_put() in\n sun8i_dwmac_register_mdio_mux() (git-fixes).\n - net: stmmac: enhance XDP ZC driver level switching performance\n (git-fixes).\n - net: stmmac: fix out-of-bounds access in a selftest (git-fixes).\n - net: stmmac: Fix unset max_speed difference between DT and non-DT\n platforms (git-fixes).\n - net: stmmac: only enable DMA interrupts when ready (git-fixes).\n - net: stmmac: perserve TX and RX coalesce value during XDP setup\n (git-fixes).\n - net: stmmac: remove unused get_addr() callback (git-fixes).\n - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).\n - net: systemport: Fix an error handling path in bcm_sysport_probe()\n (git-fixes).\n - net: thunderbolt: Enable DMA paths only after rings are enabled\n (git-fixes).\n - net: usb: qmi_wwan: add Quectel RM520N (git-fixes).\n - net: wwan: iosm: Call mutex_init before locking it (git-fixes).\n - net: wwan: iosm: remove pointless null check (git-fixes).\n - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).\n - net/mlx5: Drain fw_reset when removing device (git-fixes).\n - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).\n - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).\n - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).\n - net/mlx5e: Remove HW-GRO from reported features (git-fixes).\n - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).\n - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).\n - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()\n (git-fixes).\n - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).\n - NFS: fix problems with __nfs42_ssc_open (git-fixes).\n - NFS: Fix races in the legacy idmapper upcall (git-fixes).\n - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).\n - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).\n - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).\n - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0\n (git-fixes).\n - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).\n - NFSD: Clean up the show_nf_flags() macro (git-fixes).\n - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).\n - NFSD: Fix offset type in I/O trace points (git-fixes).\n - NFSD: Report RDMA connection errors to the server (git-fixes).\n - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).\n - of/device: Fix up of_dma_configure_id() stub (git-fixes).\n - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).\n - parisc/sticon: fix reverse colors (bsc#1152489)\n - parisc/stifb: Fix fb_is_primary_device() only available with\n (bsc#1152489)\n - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)\n - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)\n - PCI: Correct misspelled words (git-fixes).\n - PCI: Disable MSI for Tegra234 Root Ports (git-fixes).\n - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).\n - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).\n - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).\n - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).\n - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).\n - platform/surface: aggregator_registry: Add support for Surface Laptop Go\n 2 (git-fixes).\n - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap\n fixes (git-fixes).\n - platform/x86: i2c-multi-instantiate: Rename it for a generic serial\n driver name (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop\n (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Reorganize I2C functions\n (bsc#1203699).\n - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL\n (bsc#1194869).\n - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n - regulator: core: Clean up on enable failure (git-fixes).\n - regulator: pfuze100: Fix the global-out-of-bounds access in\n pfuze100_regulator_probe() (git-fixes).\n - regulator: qcom_rpm: Fix circular deferral regression (git-fixes).\n - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).\n - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197\n LTC#199895).\n - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).\n - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).\n - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).\n - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID\n cases (bsc#1203939).\n - scsi: lpfc: Add reporting capability for Link Degrade Signaling\n (bsc#1203939).\n - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).\n - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload\n (bsc#1203939).\n - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same\n NPort ID (bsc#1203939).\n - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).\n - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).\n - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed\n phba (bsc#1185032 bsc#1203939).\n - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).\n - scsi: lpfc: Remove unneeded result variable (bsc#1203939).\n - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd\n (bsc#1203939).\n - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE\n (bsc#1203939).\n - scsi: lpfc: Rework FDMI attribute registration for unintential padding\n (bsc#1203939).\n - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency\n (bsc#1203939).\n - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager\n application (bsc#1203939).\n - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).\n - scsi: mpt3sas: Fix use-after-free warning (git-fixes).\n - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status\n (bsc#1203935).\n - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()\n (bsc#1203935).\n - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n - scsi: qla2xxx: Define static symbols (bsc#1203935).\n - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX\n (bsc#1203935).\n - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n - scsi: qla2xxx: Enhance driver tracing with separate tunable and more\n (bsc#1203935).\n - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).\n - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1203935).\n - scsi: qla2xxx: Fix spelling mistake \"definiton\" \"definition\"\n (bsc#1203935).\n - scsi: qla2xxx: Log message \"skipping scsi_scan_host()\" as informational\n (bsc#1203935).\n - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n - scsi: qla2xxx: Revert \"scsi: qla2xxx: Fix response queue handler reading\n stale packets\" (bsc#1203935).\n - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n - scsi: Revert \"scsi: qla2xxx: Fix disk failure to rediscover\" (git-fixes).\n - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).\n - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).\n - selftests: Fix the if conditions of in test_extra_filter() (git-fixes).\n - selftests: forwarding: add shebang for sch_red.sh (git-fixes).\n - selftests: forwarding: Fix failing tests with old libnet (git-fixes).\n - serial: atmel: remove redundant assignment in rs485_config (git-fixes).\n - serial: Create uart_xmit_advance() (git-fixes).\n - serial: fsl_lpuart: Reset prior to registration (git-fixes).\n - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - soc: sunxi: sram: Actually claim SRAM regions (git-fixes).\n - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).\n - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).\n - spi: Add API to count spi acpi resources (bsc#1203699).\n - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).\n - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).\n - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).\n - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).\n - spi: propagate error code to the caller of acpi_spi_device_alloc()\n (bsc#1203699).\n - spi: qup: add missing clk_disable_unprepare on error in\n spi_qup_pm_resume_runtime() (git-fixes).\n - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()\n (git-fixes).\n - spi: Return deferred probe error when controller isn't yet available\n (bsc#1203699).\n - spi: s3c64xx: Fix large transfers with DMA (git-fixes).\n - spi: Support selection of the index of the ACPI Spi Resource before\n alloc (bsc#1203699).\n - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe\n (git-fixes).\n - struct ehci_hcd: hide new element going into a hole (git-fixes).\n - struct xhci_hcd: restore member now dynamically allocated (git-fixes).\n - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).\n - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).\n - SUNRPC: fix expiry of auth creds (git-fixes).\n - SUNRPC: Fix xdr_encode_bool() (git-fixes).\n - SUNRPC: Reinitialise the backchannel request buffers before reuse\n (git-fixes).\n - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).\n - thunderbolt: Add support for Intel Maple Ridge single port controller\n (git-fixes).\n - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).\n - tty: serial: atmel: Preserve previous USART mode if RS485 disabled\n (git-fixes).\n - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n - USB: add quirks for Lenovo OneLink+ Dock (git-fixes).\n - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n - USB: core: Fix RST error in hub.c (git-fixes).\n - USB: core: Prevent nested device-reset calls (git-fixes).\n - USB: Drop commas after SoC match table sentinels (git-fixes).\n - USB: dwc3: core: leave default DMA if the controller does not support\n 64-bit DMA (git-fixes).\n - USB: dwc3: disable USB core PHY management (git-fixes).\n - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind\n (git-fixes).\n - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).\n - USB: dwc3: gadget: Refactor pullup() (git-fixes).\n - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).\n - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).\n - USB: Fix memory leak in usbnet_disconnect() (git-fixes).\n - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).\n - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).\n - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).\n - USB: serial: cp210x: add Decagon UCA device id (git-fixes).\n - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).\n - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).\n - USB: serial: option: add Quectel EM060K modem (git-fixes).\n - USB: serial: option: add Quectel RM520N (git-fixes).\n - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode\n (git-fixes).\n - USB: serial: option: add support for OPPO R11 diag port (git-fixes).\n - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).\n - USB: struct usb_device: hide new member (git-fixes).\n - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device\n (git-fixes).\n - USB: typec: tipd: Add an additional overflow check (git-fixes).\n - USB: typec: tipd: Do not read/write more bytes than required (git-fixes).\n - USB: typec: ucsi: Remove incorrect warning (git-fixes).\n - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).\n - vfio/type1: Unpin zero pages (git-fixes).\n - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).\n - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).\n - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write\n (git-fixes).\n - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement\n (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add support to get extended report (jsc#SLE-19924,\n jsc#SLE-24814).\n - virt: sevguest: Fix bool function returning negative value\n (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Fix return value check in alloc_shared_pages()\n (jsc#SLE-19924, jsc#SLE-24814).\n - vrf: fix packet sniffing for traffic originating from ip tunnels\n (git-fixes).\n - vt: Clear selection before changing the font (git-fixes).\n - watchdog: wdat_wdt: Set the min and max timeout values properly\n (bsc#1194023).\n - wifi: ath10k: add peer map clean up for peer delete in\n ath10k_sta_state() (git-fixes).\n - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).\n - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: mac80211_hwsim: check length for virtio packets (git-fixes).\n - wifi: mac80211: allow bw change during channel switch in mesh\n (git-fixes).\n - wifi: mac80211: fix regression with non-QoS drivers (git-fixes).\n - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).\n - wifi: mt76: fix reading current per-tid starting sequence number for\n aggregation (git-fixes).\n - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in\n mt7615_sta_set_decap_offload (git-fixes).\n - wifi: mt76: mt7915: do not check state before configuring implicit\n beamform (git-fixes).\n - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).\n - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).\n - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).\n - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).\n - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).\n - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask\n (git-fixes).\n - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()\n (git-fixes).\n - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).\n - wifi: rtw88: add missing destroy_workqueue() on error path in\n rtw_core_init() (git-fixes).\n - workqueue: do not skip lockdep work dependency in cancel_work_sync()\n (git-fixes).\n - x86/boot: Add a pointer to Confidential Computing blob in bootparams\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/boot: Put globals that are accessed early into the .data section\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/boot: Use MSR read/write helpers instead of inline assembly\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Add helper for validating pages in the decompression\n stage (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed: Register GHCB memory when SEV-SNP is active\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Add identity mapping for Confidential Computing blob\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Detect/setup SEV/SME features earlier during boot\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI config table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI kexec handling into common code\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI system table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI vendor table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).\n - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).\n - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).\n - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Add helper for validating pages in early enc attribute changes\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Add missing __init annotations to SEV init routines\n (jsc#SLE-19924 jsc#SLE-24814).\n - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/xen: Remove undefined behavior in setup_features() (git-fixes).\n - xen-blkback: Advertise feature-persistent as user requested (git-fixes).\n - xen-blkback: Apply 'feature_persistent' parameter when connect\n (git-fixes).\n - xen-blkback: fix persistent grants negotiation (git-fixes).\n - xen-blkfront: Advertise feature-persistent as user requested (git-fixes).\n - xen-blkfront: Apply 'feature_persistent' parameter when connect\n (git-fixes).\n - xen-blkfront: Cache feature_persistent value before advertisement\n (git-fixes).\n - xen-blkfront: Handle NULL gendisk (git-fixes).\n - xen-netback: only remove 'hotplug-status' when the vif is actually\n destroyed (git-fixes).\n - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).\n - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).\n - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()\n (git-fixes).\n - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).\n - xhci: Allocate separate command structures for each LPM command\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3844=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP4:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3844=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3844=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3844=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3844=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3844=1\n\n - SUSE Linux Enterprise Micro 5.3:\n\n zypper in -t patch SUSE-SLE-Micro-5.3-2022-3844=1\n\n - SUSE Linux Enterprise High Availability 15-SP4:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3844=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1263", "CVE-2022-2586", "CVE-2022-3202", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39189", "CVE-2022-41218", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2022-11-02T00:00:00", "id": "SUSE-SU-2022:3844-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DGDNZY2EZSGOZPKLTI6X7OR6IXYBSQYW/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-14T17:26:19", "description": "An update that solves 9 vulnerabilities, contains 12\n features and has 38 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP4 kernel was updated.\n\n The following security bugs were fixed:\n\n - CVE-2022-3303: Fixed a race condition in the sound subsystem due to\n improper locking (bnc#1203769).\n - CVE-2022-41218: Fixed an use-after-free caused by refcount races in\n drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that\n could lead a local user to able to crash the system or escalate their\n privileges (bnc#1203552).\n - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a PCMCIA device while calling\n ioctl (bnc#1203987).\n - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a USB device while calling open\n (bnc#1203992).\n - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft\n table is deleted (bnc#1202095).\n - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM\n when releasing a vCPU with dirty ring support enabled. This flaw allowed\n an unprivileged local attacker on the host to issue specific ioctl\n calls, causing a kernel oops condition that results in a denial of\n service (bnc#1198189).\n - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File\n System. This could allow a local attacker to crash the system or leak\n kernel internal information (bnc#1203389).\n - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows\n unprivileged guest users to compromise the guest kernel because TLB\n flush operations are mishandled (bnc#1203066).\n\n The following non-security bugs were fixed:\n\n - ACPI / scan: Create platform device for CS35L41 (bsc#1203699).\n - ACPI: processor idle: Practically limit \"Dummy wait\" workaround to old\n Intel systems (bsc#1203767).\n - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).\n - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).\n - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).\n - ALSA: aloop: Fix random zeros in capture data when using jiffies timer\n (git-fixes).\n - ALSA: core: Fix double-free at snd_card_new() (git-fixes).\n - ALSA: cs35l41: Check hw_config before using it (bsc#1203699).\n - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).\n - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).\n - ALSA: cs35l41: Unify hardware configuration (bsc#1203699).\n - ALSA: emu10k1: Fix out of bounds access in\n snd_emu10k1_pcm_channel_alloc() (git-fixes).\n - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).\n - ALSA: hda: cs35l41: Add Amp Name based on channel and index\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).\n - ALSA: hda: cs35l41: Add calls to newly added test key function\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add initial DSP support and firmware loading\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).\n - ALSA: hda: cs35l41: Add module parameter to control firmware load\n (bsc#1203699).\n - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).\n - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).\n - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations\n (bsc#1203699).\n - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).\n - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).\n - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties\n (bsc#1203699).\n - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41\n (bsc#1203699).\n - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).\n - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).\n - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops\n (bsc#1203699).\n - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference\n (bsc#1203699).\n - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).\n - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name\n (bsc#1203699).\n - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).\n - ALSA: hda: cs35l41: Handle all external boost setups the same way\n (bsc#1203699).\n - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).\n - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).\n - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move boost config to initialization code\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace\n (bsc#1203699).\n - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use\n (bsc#1203699).\n - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).\n - ALSA: hda: cs35l41: Put the device into safe mode for external boost\n (bsc#1203699).\n - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables\n (bsc#1203699).\n - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).\n - ALSA: hda: cs35l41: Remove Set Channel Map api from binding\n (bsc#1203699).\n - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).\n - ALSA: hda: cs35l41: Save codec object inside component struct\n (bsc#1203699).\n - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver\n (bsc#1203699).\n - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).\n - ALSA: hda: cs35l41: Support Firmware switching and reloading\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).\n - ALSA: hda: cs35l41: Support multiple load paths for firmware\n (bsc#1203699).\n - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).\n - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).\n - ALSA: hda: cs35l41: Tidyup code (bsc#1203699).\n - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).\n - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).\n - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).\n - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount\n saturation (git-fixes).\n - ALSA: hda: Fix Nvidia dp infoframe (git-fixes).\n - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly\n (bsc#1203699).\n - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).\n - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls\n (bsc#1203699).\n - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).\n - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).\n - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).\n - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).\n - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static\n (bsc#1203699).\n - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).\n - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants\n (bsc#1203699).\n - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration\n (bsc#1203699).\n - ALSA: hda/cs8409: Re-order quirk table into ascending order\n (bsc#1203699).\n - ALSA: hda/cs8409: Support manual mode detection for CS42L42\n (bsc#1203699).\n - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).\n - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).\n - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).\n - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver\n (bsc#1203699).\n - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED\n (git-fixes).\n - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9\n (bsc#1203699).\n - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).\n - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).\n - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).\n - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model\n (bsc#1203699).\n - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).\n - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).\n - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41\n (bsc#1203699).\n - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).\n - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).\n - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop\n (git-fixes).\n - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop\n (git-fixes).\n - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on\n EliteBook 845/865 G9 (bsc#1203699).\n - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops\n (bsc#1203699).\n - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).\n - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec\n (bsc#1203699).\n - ALSA: hda/realtek: More robust component matching for CS35L41\n (bsc#1203699).\n - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).\n - ALSA: hda/sigmatel: Fix unused variable warning for beep power change\n (git-fixes).\n - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).\n - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).\n - ALSA: hda/tegra: set depop delay for tegra (git-fixes).\n - ALSA: hda/tegra: Update scratch reg. communication (git-fixes).\n - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).\n - ALSA: usb-audio: Fix an out-of-bounds bug in\n __snd_usb_parse_audio_interface() (git-fixes).\n - ALSA: usb-audio: Inform the delayed registration more properly\n (git-fixes).\n - ALSA: usb-audio: Register card again for iface over delayed_register\n option (git-fixes).\n - ALSA: usb-audio: Split endpoint setups for hw_params and prepare\n (git-fixes).\n - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).\n - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).\n - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).\n - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).\n - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).\n - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).\n - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma\n (git-fixes).\n - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).\n - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)\n Enable this errata fix configuration option to arm64/default.\n - arm64: kexec_file: use more system keyrings to verify kernel image\n signature (bsc#1196444).\n - arm64: lib: Import latest version of Arm Optimized Routines' strcmp\n (git-fixes)\n - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)\n - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).\n - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).\n - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).\n - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).\n - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).\n - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver\n (bsc#1203699).\n - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).\n - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).\n - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).\n - ASoC: cs35l41: Add support for hibernate memory retention mode\n (bsc#1203699).\n - ASoC: cs35l41: Binding fixes (bsc#1203699).\n - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).\n - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).\n - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).\n - ASoC: cs35l41: Correct DSP power down (bsc#1203699).\n - ASoC: cs35l41: Correct handling of some registers in the cache\n (bsc#1203699).\n - ASoC: cs35l41: Correct some control names (bsc#1203699).\n - ASoC: cs35l41: Create shared function for boost configuration\n (bsc#1203699).\n - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).\n - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).\n - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).\n - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).\n - ASoC: cs35l41: Do not print error when waking from hibernation\n (bsc#1203699).\n - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).\n - ASoC: cs35l41: DSP Support (bsc#1203699).\n - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues\n (bsc#1203699).\n - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN\n (bsc#1203699).\n - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t\n (bsc#1203699).\n - ASoC: cs35l41: Fix DSP mbox start command and global enable order\n (bsc#1203699).\n - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).\n - ASoC: cs35l41: Fix link problem (bsc#1203699).\n - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).\n - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).\n - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).\n - ASoC: cs35l41: Fixup the error messages (bsc#1203699).\n - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).\n - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code\n (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).\n - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code\n (bsc#1203699).\n - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).\n - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware\n (bsc#1203699).\n - ASoC: cs35l41: Remove incorrect comment (bsc#1203699).\n - ASoC: cs35l41: Remove unnecessary param (bsc#1203699).\n - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).\n - ASoC: cs35l41: Support external boost (bsc#1203699).\n - ASoC: cs35l41: Update handling of test key registers (bsc#1203699).\n - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot\n (bsc#1203699).\n - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).\n - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START\n (bsc#1203699).\n - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable\n (bsc#1203699).\n - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts\n (bsc#1203699).\n - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling\n (bsc#1203699).\n - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).\n - ASoC: cs42l42: Do not reconfigure the PLL while it is running\n (bsc#1203699).\n - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt\n (bsc#1203699).\n - ASoC: cs42l42: free_irq() before powering-down on probe() fail\n (bsc#1203699).\n - ASoC: cs42l42: Handle system suspend (bsc#1203699).\n - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).\n - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).\n - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script\n (bsc#1203699).\n - ASoC: cs42l42: Move CS42L42 register descriptions to general include\n (bsc#1203699).\n - ASoC: cs42l42: Only report button state if there was a button interrupt\n (git-fixes).\n - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler\n (bsc#1203699).\n - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).\n - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).\n - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks\n (bsc#1203699).\n - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks\n (bsc#1203699).\n - ASoC: cs42l42: Report full jack status when plug is detected\n (bsc#1203699).\n - ASoC: cs42l42: Report initial jack state (bsc#1203699).\n - ASoC: cs42l42: Reset and power-down on remove() and failed probe()\n (bsc#1203699).\n - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).\n - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).\n - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).\n - ASoC: cs42l42: Use two thresholds and increased wait time for manual\n type detection (bsc#1203699).\n - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).\n - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).\n - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).\n - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).\n - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).\n - ASoC: qcom: sm8250: add missing module owner (git-fixes).\n - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).\n - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).\n - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).\n - ASoC: tas2770: Reinit regcache on reset (git-fixes).\n - ASoC: wm_adsp: Add support for \"toggle\" preloaders (bsc#1203699).\n - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).\n - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).\n - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed\n (bsc#1203699).\n - ASoC: wm_adsp: Correct control read size when parsing compressed buffer\n (bsc#1203699).\n - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).\n - ASoC: wm_adsp: Fix event for preloader (bsc#1203699).\n - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).\n - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).\n - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).\n - ASoC: wm_adsp: Move check for control existence (bsc#1203699).\n - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).\n - ASoC: wm_adsp: move firmware loading to client (bsc#1203699).\n - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).\n - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core\n (bsc#1203699).\n - ASoC: wm_adsp: remove a repeated including (bsc#1203699).\n - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).\n - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).\n - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).\n - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).\n - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).\n - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).\n - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops\n (bsc#1203699).\n - ASoC: wm_adsp: Split DSP power operations into helper functions\n (bsc#1203699).\n - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).\n - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers\n (bsc#1203699).\n - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'\n (bsc#1203699).\n - batman-adv: Fix hang up with small MTU hard-interface (git-fixes).\n - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend\n (git-fixes).\n - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure\n (git-fixes).\n - Bluetooth: hci_core: Fix not handling link timeouts propertly\n (git-fixes).\n - bnx2x: fix built-in kernel driver load failure (git-fixes).\n - bnx2x: fix driver load from initrd (git-fixes).\n - btrfs: fix relocation crash due to premature return from\n btrfs_commit_transaction() (bsc#1203360).\n - btrfs: fix space cache corruption and potential double allocations\n (bsc#1203361).\n - build mlx in x86_64/azure as modules again (bsc#1203701) There is little\n gain by having the drivers built into the kernel. Having them as modules\n allows easy replacement by third party drivers.\n - can: gs_usb: gs_can_open(): fix race dev->can.state condition\n (git-fixes).\n - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).\n - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n (bsc#1196869).\n - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n (bsc#1203906).\n - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).\n - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock\n (bsc#1196869).\n - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).\n - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()\n (git-fixes).\n - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks\n (git-fixes).\n - clk: ingenic-tcu: Properly enable registers before accessing timers\n (git-fixes).\n - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).\n - constraints: increase disk space for all architectures References:\n bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show\n that it is very close to the limit.\n - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)\n - cs-dsp and serial-multi-instantiate enablement (bsc#1203699)\n - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).\n - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).\n - dmaengine: idxd: change MSIX allocation based on per wq activation\n (jsc#PED-664).\n - dmaengine: idxd: create locked version of idxd_quiesce() call\n (jsc#PED-682).\n - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).\n - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).\n - dmaengine: idxd: fix retry value to be constant for duration of function\n call (git-fixes).\n - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).\n - dmaengine: idxd: handle invalid interrupt handle descriptors\n (jsc#PED-682).\n - dmaengine: idxd: int handle management refactoring (jsc#PED-682).\n - dmaengine: idxd: match type for retries var in idxd_enqcmds()\n (git-fixes).\n - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).\n - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).\n - dmaengine: idxd: set defaults for wq configs (jsc#PED-688).\n - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).\n - dmaengine: ti: k3-udma-private: Fix refcount leak bug in\n of_xudma_dev_get() (git-fixes).\n - docs: i2c: i2c-topology: fix incorrect heading (git-fixes).\n - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).\n - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).\n - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).\n - drm/amd/display: Limit user regamma to a valid value (git-fixes).\n - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack\n usage (git-fixes).\n - drm/amd/display: Reduce number of arguments of dml31's\n CalculateFlipSchedule() (git-fixes).\n - drm/amd/display: Reduce number of arguments of dml31's\n CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).\n - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid\n cards (git-fixes).\n - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).\n - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).\n - drm/amdgpu: make sure to init common IP before gmc (git-fixes).\n - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).\n - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega\n (git-fixes).\n - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega\n (git-fixes).\n - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device\n to psp_hw_fini (git-fixes).\n - drm/amdgpu: Separate vf2pf work item init from virt data exchange\n (git-fixes).\n - drm/amdgpu: use dirty framebuffer helper (git-fixes).\n - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).\n - drm/bridge: lt8912b: add vsync hsync (git-fixes).\n - drm/bridge: lt8912b: fix corrupted image output (git-fixes).\n - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).\n - drm/gem: Fix GEM handle release errors (git-fixes).\n - drm/gma500: Fix BUG: sleeping function called from invalid context\n errors (git-fixes).\n - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).\n - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).\n - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).\n - drm/i915/gt: Restrict forced preemption to the active context\n (git-fixes).\n - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks\n (git-fixes).\n - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()\n (git-fixes).\n - drm/meson: Correct OSD1 global alpha value (git-fixes).\n - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).\n - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).\n - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).\n - drm/panfrost: devfreq: set opp to the recommended one to configure\n regulator (git-fixes).\n - drm/radeon: add a force flush to delay work when radeon (git-fixes).\n - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).\n - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).\n - dt-bindings: hwmon: (mr75203) fix \"intel,vm-map\" property to be optional\n (git-fixes).\n - EDAC/dmc520: Do not print an error for each unconfigured interrupt line\n (bsc#1190497).\n - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).\n - efi: libstub: Disable struct randomization (git-fixes).\n - eth: alx: take rtnl_lock on resume (git-fixes).\n - eth: sun: cassini: remove dead code (git-fixes).\n - explicit set MODULE_SIG_HASH in azure config (bsc#1203933) Setting this\n option became mandatory in Feb 2022. While the lack of this option did\n not cause issues with automated builds, a manual osc build started to\n fail due to incorrect macro expansion.\n - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)\n Backporting changes: \t* context fixes in other patch \t* update config\n - fbcon: Fix accelerated fbdev scrolling while logo is still shown\n (bsc#1152472)\n - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()\n (git-fixes).\n - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).\n - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).\n - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic\n DSPs (bsc#1203699).\n - firmware: cs_dsp: Add lockdep asserts to interface functions\n (bsc#1203699).\n - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).\n - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).\n - firmware: cs_dsp: Add pre_run callback (bsc#1203699).\n - firmware: cs_dsp: Add pre_stop callback (bsc#1203699).\n - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).\n - firmware: cs_dsp: Add version checks on coefficient loading\n (bsc#1203699).\n - firmware: cs_dsp: Allow creation of event controls (bsc#1203699).\n - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).\n - firmware: cs_dsp: Clear core reset for cache (bsc#1203699).\n - firmware: cs_dsp: Fix overrun of unterminated control name string\n (bsc#1203699).\n - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer\n (bsc#1203699).\n - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl\n (bsc#1203699).\n - firmware: cs_dsp: Print messages from bin files (bsc#1203699).\n - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).\n - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace\n is dead (git-fixes).\n - fuse: Remove the control interface for virtio-fs (bsc#1203798).\n - gpio: mockup: fix NULL pointer dereference when removing debugfs\n (git-fixes).\n - gpio: mockup: remove gpio debugfs when remove device (git-fixes).\n - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx\n (git-fixes).\n - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).\n - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully\n (git-fixes).\n - gve: Fix GFP flags when allocing pages (git-fixes).\n - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message\n (git-fixes).\n - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).\n - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).\n - hwmon: (mr75203) enable polling for all VM channels (git-fixes).\n - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).\n - hwmon: (mr75203) fix VM sensor allocation when \"intel,vm-map\" not\n defined (git-fixes).\n - hwmon: (mr75203) fix voltage equation for negative source input\n (git-fixes).\n - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888\n controller (git-fixes).\n - hwmon: (tps23861) fix byte order in resistance register (git-fixes).\n - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).\n - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible\n (git-fixes).\n - i2c: mlxbf: Fix frequency calculation (git-fixes).\n - i2c: mlxbf: incorrect base address passed during io write (git-fixes).\n - i2c: mlxbf: prevent stack overflow in\n mlxbf_i2c_smbus_start_transaction() (git-fixes).\n - i2c: mlxbf: support lock mechanism (git-fixes).\n - ice: Allow operation with reduced device MSI-X (bsc#1201987).\n - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).\n - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).\n - ice: fix crash when writing timestamp on RX rings (git-fixes).\n - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).\n - ice: fix possible under reporting of ethtool Tx and Rx statistics\n (git-fixes).\n - ice: Fix race during aux device (un)plugging (git-fixes).\n - ice: Match on all profiles in slow-path (git-fixes).\n - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).\n - igb: skip phy status check where unavailable (git-fixes).\n - Input: goodix - add compatible string for GT1158 (git-fixes).\n - Input: goodix - add support for GT1158 (git-fixes).\n - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).\n - Input: iqs62x-keys - drop unused device node references (git-fixes).\n - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).\n - kABI workaround for spi changes (bsc#1203699).\n - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).\n - kABI: fix adding another field to scsi_device (bsc#1203039).\n - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).\n - kbuild: disable header exports for UML in a straightforward way\n (git-fixes).\n - kexec_file: drop weak attribute from functions (bsc#1196444).\n - kexec, KEYS, s390: Make use of built-in and secondary keyring for\n signature verification (bsc#1196444).\n - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).\n - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - KVM: SVM: Create a separate mapping for the GHCB save area\n (jsc#SLE-19924, jsc#SLE-24814).\n - KVM: SVM: Create a separate mapping for the SEV-ES save area\n (jsc#SLE-19924, jsc#SLE-24814).\n - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924,\n jsc#SLE-24814).\n - KVM: SVM: fix tsc scaling cache logic (bsc#1203263).\n - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924,\n jsc#SLE-24814).\n - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).\n - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4\n (git-fixes).\n - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()\n (git-fixes).\n - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall\n (git-fixes).\n - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205\n (git-fixes).\n - lockd: detect and reject lock arguments that overflow (git-fixes).\n - md-raid10: fix KASAN warning (git-fixes).\n - md: call __md_stop_writes in md_stop (git-fixes).\n - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).\n - media: aspeed: Fix an error handling path in aspeed_video_probe()\n (git-fixes).\n - media: coda: Add more H264 levels for CODA960 (git-fixes).\n - media: coda: Fix reported H264 profile (git-fixes).\n - media: dvb_vb2: fix possible out of bound access (git-fixes).\n - media: exynos4-is: Change clk_disable to clk_disable_unprepare\n (git-fixes).\n - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe\n (git-fixes).\n - media: flexcop-usb: fix endpoint type check (git-fixes).\n - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).\n - media: imx-jpeg: Correct some definition according specification\n (git-fixes).\n - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).\n - media: imx-jpeg: Fix potential array out of bounds in queue_setup\n (git-fixes).\n - media: imx-jpeg: Leave a blank space before the configuration data\n (git-fixes).\n - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).\n - media: mceusb: Use new usb_control_msg_*() routines (git-fixes).\n - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.\n - media: rkvdec: Disable H.264 error detection (git-fixes).\n - media: st-delta: Fix PM disable depth imbalance in delta_probe\n (git-fixes).\n - media: vsp1: Fix offset calculation for plane cropping.\n - misc: cs35l41: Remove unused pdn variable (bsc#1203699).\n - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).\n - mlxsw: i2c: Fix initialization error flow (git-fixes).\n - mm: Fix PASID use-after-free issue (bsc#1203908).\n - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch\n failure (git-fixes).\n - mmc: hsq: Fix data stomping during mmc recovery (git-fixes).\n - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).\n - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv\n (git-fixes).\n - net: axienet: fix RX ring refill allocation failure handling (git-fixes).\n - net: axienet: reset core on initialization prior to MDIO access\n (git-fixes).\n - net: bcmgenet: hide status block before TX timestamping (git-fixes).\n - net: bcmgenet: Revert \"Use stronger register read/writes to assure\n ordering\" (git-fixes).\n - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).\n - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator\n (git-fixes).\n - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).\n - net: dsa: felix: fix tagging protocol changes with multiple CPU ports\n (git-fixes).\n - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).\n - net: dsa: introduce helpers for iterating through ports using dp\n (git-fixes).\n - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).\n - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).\n - net: dsa: microchip: fix bridging with more than two member ports\n (git-fixes).\n - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).\n - net: dsa: mt7530: add missing of_node_put() in mt7530_setup()\n (git-fixes).\n - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr\n (git-fixes).\n - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register\n (git-fixes).\n - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).\n - net: emaclite: Add error handling for of_address_to_resource()\n (git-fixes).\n - net: enetc: Use pci_release_region() to release some resources\n (git-fixes).\n - net: ethernet: mediatek: ppe: fix wrong size passed to memset()\n (git-fixes).\n - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()\n (git-fixes).\n - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link\n (git-fixes).\n - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).\n - net: fec: add missing of_node_put() in fec_enet_init_stop_mode()\n (git-fixes).\n - net: ftgmac100: access hardware register after clock ready (git-fixes).\n - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).\n - net: hns3: fix the concurrency between functions reading debugfs\n (git-fixes).\n - net: ipa: get rid of a duplicate initialization (git-fixes).\n - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).\n - net: ipa: record proper RX transaction count (git-fixes).\n - net: macb: Fix PTP one step sync support (git-fixes).\n - net: macb: Increment rx bd head after allocating skb and buffer\n (git-fixes).\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).\n - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).\n - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller\n (git-fixes).\n - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP\n filters (git-fixes).\n - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP\n over IP (git-fixes).\n - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).\n - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware\n when deleted (git-fixes).\n - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set()\n (git-fixes).\n - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups\n (git-fixes).\n - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0\n (git-fixes).\n - net: phy: aquantia: wait for the suspend/resume operations to finish\n (git-fixes).\n - net: phy: at803x: move page selection fix to config_init (git-fixes).\n - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume()\n (git-fixes).\n - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).\n - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).\n - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management\n (git-fixes).\n - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume\n (git-fixes).\n - net: stmmac: dwmac-sun8i: add missing of_node_put() in\n sun8i_dwmac_register_mdio_mux() (git-fixes).\n - net: stmmac: enhance XDP ZC driver level switching performance\n (git-fixes).\n - net: stmmac: fix out-of-bounds access in a selftest (git-fixes).\n - net: stmmac: Fix unset max_speed difference between DT and non-DT\n platforms (git-fixes).\n - net: stmmac: only enable DMA interrupts when ready (git-fixes).\n - net: stmmac: perserve TX and RX coalesce value during XDP setup\n (git-fixes).\n - net: stmmac: remove unused get_addr() callback (git-fixes).\n - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).\n - net: systemport: Fix an error handling path in bcm_sysport_probe()\n (git-fixes).\n - net: thunderbolt: Enable DMA paths only after rings are enabled\n (git-fixes).\n - net: usb: qmi_wwan: add Quectel RM520N (git-fixes).\n - net: wwan: iosm: Call mutex_init before locking it (git-fixes).\n - net: wwan: iosm: remove pointless null check (git-fixes).\n - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).\n - net/mlx5: Drain fw_reset when removing device (git-fixes).\n - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).\n - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).\n - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).\n - net/mlx5e: Remove HW-GRO from reported features (git-fixes).\n - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).\n - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).\n - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()\n (git-fixes).\n - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).\n - NFS: fix problems with __nfs42_ssc_open (git-fixes).\n - NFS: Fix races in the legacy idmapper upcall (git-fixes).\n - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).\n - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).\n - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).\n - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0\n (git-fixes).\n - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).\n - NFSD: Clean up the show_nf_flags() macro (git-fixes).\n - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).\n - NFSD: Fix offset type in I/O trace points (git-fixes).\n - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).\n - of: device: Fix up of_dma_configure_id() stub (git-fixes).\n - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).\n - parisc/sticon: fix reverse colors (bsc#1152489)\n - parisc/stifb: Fix fb_is_primary_device() only available with\n (bsc#1152489)\n - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)\n - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)\n - PCI: Correct misspelled words (git-fixes).\n - PCI: Disable MSI for Tegra234 Root Ports (git-fixes).\n - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).\n - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).\n - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).\n - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).\n - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).\n - platform/surface: aggregator_registry: Add support for Surface Laptop Go\n 2 (git-fixes).\n - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap\n fixes (git-fixes).\n - platform/x86: i2c-multi-instantiate: Rename it for a generic serial\n driver name (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop\n (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).\n - platform/x86: serial-multi-instantiate: Reorganize I2C functions\n (bsc#1203699).\n - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes).\n - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL\n (bsc#1194869).\n - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n - regulator: core: Clean up on enable failure (git-fixes).\n - regulator: pfuze100: Fix the global-out-of-bounds access in\n pfuze100_regulator_probe() (git-fixes).\n - regulator: qcom_rpm: Fix circular deferral regression (git-fixes).\n - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).\n - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197\n LTC#199895).\n - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).\n - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).\n - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).\n - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID\n cases (bsc#1203939).\n - scsi: lpfc: Add reporting capability for Link Degrade Signaling\n (bsc#1203939).\n - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).\n - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload\n (bsc#1203939).\n - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same\n NPort ID (bsc#1203939).\n - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).\n - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).\n - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed\n phba (bsc#1185032 bsc#1203939).\n - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).\n - scsi: lpfc: Remove unneeded result variable (bsc#1203939).\n - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd\n (bsc#1203939).\n - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE\n (bsc#1203939).\n - scsi: lpfc: Rework FDMI attribute registration for unintential padding\n (bsc#1203939).\n - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency\n (bsc#1203939).\n - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager\n application (bsc#1203939).\n - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).\n - scsi: mpt3sas: Fix use-after-free warning (git-fixes).\n - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status\n (bsc#1203935).\n - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()\n (bsc#1203935).\n - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n - scsi: qla2xxx: Define static symbols (bsc#1203935).\n - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX\n (bsc#1203935).\n - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n - scsi: qla2xxx: Enhance driver tracing with separate tunable and more\n (bsc#1203935).\n - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).\n - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1203935).\n - scsi: qla2xxx: Fix spelling mistake \"definiton\" -> \"definition\"\n (bsc#1203935).\n - scsi: qla2xxx: Log message \"skipping scsi_scan_host()\" as informational\n (bsc#1203935).\n - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n - scsi: qla2xxx: Revert \"scsi: qla2xxx: Fix response queue handler reading\n stale packets\" (bsc#1203935).\n - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n - scsi: Revert \"scsi: qla2xxx: Fix disk failure to rediscover\" (git-fixes).\n - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).\n - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).\n - selftests: Fix the if conditions of in test_extra_filter() (git-fixes).\n - selftests: forwarding: add shebang for sch_red.sh (git-fixes).\n - selftests: forwarding: Fix failing tests with old libnet (git-fixes).\n - serial: atmel: remove redundant assignment in rs485_config (git-fixes).\n - serial: Create uart_xmit_advance() (git-fixes).\n - serial: fsl_lpuart: Reset prior to registration (git-fixes).\n - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - soc: sunxi: sram: Actually claim SRAM regions (git-fixes).\n - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).\n - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).\n - spi: Add API to count spi acpi resources (bsc#1203699).\n - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).\n - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).\n - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).\n - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).\n - spi: propagate error code to the caller of acpi_spi_device_alloc()\n (bsc#1203699).\n - spi: qup: add missing clk_disable_unprepare on error in\n spi_qup_pm_resume_runtime() (git-fixes).\n - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()\n (git-fixes).\n - spi: Return deferred probe error when controller isn't yet available\n (bsc#1203699).\n - spi: s3c64xx: Fix large transfers with DMA (git-fixes).\n - spi: Support selection of the index of the ACPI Spi Resource before\n alloc (bsc#1203699).\n - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe\n (git-fixes).\n - struct ehci_hcd: hide new element going into a hole (git-fixes).\n - struct xhci_hcd: restore member now dynamically allocated (git-fixes).\n - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).\n - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).\n - SUNRPC: fix expiry of auth creds (git-fixes).\n - SUNRPC: Fix xdr_encode_bool() (git-fixes).\n - SUNRPC: Reinitialise the backchannel request buffers before reuse\n (git-fixes).\n - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).\n - thunderbolt: Add support for Intel Maple Ridge single port controller\n (git-fixes).\n - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).\n - tty: serial: atmel: Preserve previous USART mode if RS485 disabled\n (git-fixes).\n - USB: add quirks for Lenovo OneLink+ Dock (git-fixes).\n - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n - USB: core: Fix RST error in hub.c (git-fixes).\n - USB: core: Prevent nested device-reset calls (git-fixes).\n - USB: Drop commas after SoC match table sentinels (git-fixes).\n - USB: dwc3: core: leave default DMA if the controller does not support\n 64-bit DMA (git-fixes).\n - USB: dwc3: disable USB core PHY management (git-fixes).\n - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind\n (git-fixes).\n - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).\n - USB: dwc3: gadget: Refactor pullup() (git-fixes).\n - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).\n - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).\n - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).\n - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).\n - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).\n - USB: serial: cp210x: add Decagon UCA device id (git-fixes).\n - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).\n - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).\n - USB: serial: option: add Quectel EM060K modem (git-fixes).\n - USB: serial: option: add Quectel RM520N (git-fixes).\n - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode\n (git-fixes).\n - USB: serial: option: add support for OPPO R11 diag port (git-fixes).\n - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).\n - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n - USB: struct usb_device: hide new member (git-fixes).\n - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device\n (git-fixes).\n - USB: typec: tipd: Add an additional overflow check (git-fixes).\n - USB: typec: tipd: Do not read/write more bytes than required (git-fixes).\n - USB: typec: ucsi: Remove incorrect warning (git-fixes).\n - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).\n - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).\n - vfio/type1: Unpin zero pages (git-fixes).\n - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).\n - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).\n - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write\n (git-fixes).\n - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement\n (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Add support to get extended report (jsc#SLE-19924,\n jsc#SLE-24814).\n - virt: sevguest: Fix bool function returning negative value\n (jsc#SLE-19924, jsc#SLE-24814).\n - virt: sevguest: Fix return value check in alloc_shared_pages()\n (jsc#SLE-19924, jsc#SLE-24814).\n - vrf: fix packet sniffing for traffic originating from ip tunnels\n (git-fixes).\n - vt: Clear selection before changing the font (git-fixes).\n - watchdog: wdat_wdt: Set the min and max timeout values properly\n (bsc#1194023).\n - wifi: ath10k: add peer map clean up for peer delete in\n ath10k_sta_state() (git-fixes).\n - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).\n - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: mac80211_hwsim: check length for virtio packets (git-fixes).\n - wifi: mac80211: allow bw change during channel switch in mesh\n (git-fixes).\n - wifi: mac80211: fix regression with non-QoS drivers (git-fixes).\n - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).\n - wifi: mt76: fix reading current per-tid starting sequence number for\n aggregation (git-fixes).\n - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in\n mt7615_sta_set_decap_offload (git-fixes).\n - wifi: mt76: mt7915: do not check state before configuring implicit\n beamform (git-fixes).\n - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).\n - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).\n - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).\n - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).\n - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).\n - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask\n (git-fixes).\n - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()\n (git-fixes).\n - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).\n - wifi: rtw88: add missing destroy_workqueue() on error path in\n rtw_core_init() (git-fixes).\n - workqueue: do not skip lockdep work dependency in cancel_work_sync()\n (git-fixes).\n - x86/boot: Add a pointer to Confidential Computing blob in bootparams\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/boot: Put globals that are accessed early into the .data section\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/boot: Use MSR read/write helpers instead of inline assembly\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Add helper for validating pages in the decompression\n stage (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed: Register GHCB memory when SEV-SNP is active\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Add identity mapping for Confidential Computing blob\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/64: Detect/setup SEV/SME features earlier during boot\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI config table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI kexec handling into common code\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI system table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/compressed/acpi: Move EFI vendor table lookup to helper\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).\n - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).\n - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).\n - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Add helper for validating pages in early enc attribute changes\n (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Add missing __init annotations to SEV init routines\n (jsc#SLE-19924 jsc#SLE-24814).\n - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).\n - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924,\n jsc#SLE-24814).\n - x86/xen: Remove undefined behavior in setup_features() (git-fixes).\n - xen-blkback: Advertise feature-persistent as user requested (git-fixes).\n - xen-blkback: Apply 'feature_persistent' parameter when connect\n (git-fixes).\n - xen-blkback: fix persistent grants negotiation (git-fixes).\n - xen-blkfront: Advertise feature-persistent as user requested (git-fixes).\n - xen-blkfront: Apply 'feature_persistent' parameter when connect\n (git-fixes).\n - xen-blkfront: Cache feature_persistent value before advertisement\n (git-fixes).\n - xen-blkfront: Handle NULL gendisk (git-fixes).\n - xen-netback: only remove 'hotplug-status' when the vif is actually\n destroyed (git-fixes).\n - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).\n - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).\n - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()\n (git-fixes).\n - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).\n - xhci: Allocate separate command structures for each LPM command\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3585=1\n\n - SUSE Linux Enterprise Module for Public Cloud 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3585=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1263", "CVE-2022-2586", "CVE-2022-3202", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39189", "CVE-2022-41218", "CVE-2022-41848", "CVE-2022-41849"], "modified": "2022-10-14T00:00:00", "id": "SUSE-SU-2022:3585-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FKRRFRHCAQCBEBUM6RCCPLZQKKQLI2E/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-31T15:46:23", "description": "An update that solves 32 vulnerabilities, contains two\n features and has 84 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in\n drivers/acpi/apei/einj.c that allowed users to simulate hardware errors\n and consequently cause a denial of service (bnc#1023051).\n - CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket\n with an attached dccps_hc_tx_ccid object as a listener after being\n released (bnc#1177471).\n - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()\n printer_ioctl() when accessing a deallocated instance (bnc#1202895).\n - CVE-2021-4155: Fixed a data leak flaw that was found in the way\n XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).\n - CVE-2021-4203: Fixed use-after-free read flaw that was found in\n sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (bnc#1194535).\n - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()\n (bsc#1202346).\n - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of\n v4l2-mem2mem.c (bnc#1202347).\n - CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677).\n - CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer\n to another table (bsc#1202095).\n - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).\n - CVE-2022-26373: Fixed non-transparent sharing of return predictor\n targets between contexts in some Intel Processors (bnc#1201726).\n - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where\n the message handling could be confused and incorrectly matches the\n message (bnc#1202097).\n - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke\n descriptors (bsc#1202564, bsc#1202860).\n - CVE-2022-2977: Fixed reference counting for struct tpm_chip\n (bsc#1202672).\n - CVE-2022-3028: Fixed race condition that was found in the IP framework\n for transforming packets (XFRM subsystem) (bnc#1202898).\n - CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link\n disconnect (bnc#1203290).\n - CVE-2022-32296: Fixed issue where TCP servers were able to identify\n clients by observing what source ports are used (bnc#1200288).\n - CVE-2022-3239: Fixed a use-after-free in the video4linux driver\n (bnc#1203552).\n - CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769).\n - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in\n net/xfrm/xfrm_policy.c where a refcount could be dropped twice\n (bnc#1201948).\n - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where\n a device driver can free a page while it still has stale TLB entries\n (bnc#1203107).\n - CVE-2022-39190: Fixed an issue that was discovered in\n net/netfilter/nf_tables_api.c and could cause a denial of service upon\n binding to an already bound chain (bnc#1203117).\n - CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to\n stex_queuecommand_lck lack a memset for the PASSTHRU_CMD case\n (bnc#1203514).\n - CVE-2022-41218: Fixed a use-after-free due to refcount races at\n releasing (bsc#1202960).\n - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap\n lock is not held during a PUD move (bnc#1203622).\n - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the\n reception of specific WiFi Frames (bsc#1203770).\n - CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987).\n - CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992).\n - CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051).\n - CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059).\n - CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060).\n - CVE-2022-42722: Fixed crash in beacon protection for P2P-device\n (bsc#1204125).\n\n The following non-security bugs were fixed:\n\n - Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).\n - acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks\n (git-fixes).\n - acpi: LPSS: Fix missing check in register_device_clock() (git-fixes).\n - acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes).\n - acpi: processor idle: Practically limit \"Dummy wait\" workaround to old\n Intel systems (bnc#1203802).\n - acpi: processor: Remove freq Qos request for all CPUs (git-fixes).\n - acpi: property: Return type of acpi_add_nondev_subnodes() should be bool\n (git-fixes).\n - acpi: video: Force backlight native for some TongFang devices\n (git-fixes).\n - alsa: aloop: Fix random zeros in capture data when using jiffies timer\n (git-fixes).\n - alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).\n - alsa: emu10k1: Fix out of bounds access in\n snd_emu10k1_pcm_channel_alloc() (git-fixes).\n - alsa: hda/cirrus - support for iMac 12,1 model (git-fixes).\n - alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model\n (git-fixes).\n - alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED\n (git-fixes).\n - alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).\n - alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).\n - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).\n - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).\n - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).\n - alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).\n - alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).\n - alsa: hda/realtek: Add quirk for HP Dev One (git-fixes).\n - alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).\n - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).\n - alsa: hda/realtek: Add quirk for TongFang devices with pop noise\n (git-fixes).\n - alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).\n - alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes).\n - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop\n (git-fixes).\n - alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).\n - alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes).\n - alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).\n - alsa: hda/realtek: Re-arrange quirk table entries (git-fixes).\n - alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).\n - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).\n - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine\n (git-fixes).\n - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP\n machines (git-fixes).\n - alsa: hda/sigmatel: Fix unused variable warning for beep power change\n (git-fixes).\n - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes).\n - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).\n - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).\n - alsa: info: Fix llseek return value when using callback (git-fixes).\n - alsa: seq: Fix data-race at module auto-loading (git-fixes).\n - alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes).\n - alsa: usb-audio: Fix an out-of-bounds bug in\n __snd_usb_parse_audio_interface() (git-fixes).\n - alsa: usb-audio: Inform the delayed registration more properly\n (git-fixes).\n - alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II\n (git-fixes).\n - alsa: usb-audio: Register card again for iface over delayed_register\n option (git-fixes).\n - alsa: usb-audio: Split endpoint setups for hw_params and prepare\n (git-fixes).\n - alsa: usb-audio: fix spelling mistakes (git-fixes).\n - arm64/mm: Validate hotplug range before creating linear mapping\n (git-fixes)\n - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1\n (git-fixes)\n - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)\n - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id\n (git-fixes)\n - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to\n (bsc#1202341)\n - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)\n - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma\n (git-fixes)\n - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)\n - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)\n - arm64: kexec_file: use more system keyrings to verify kernel image\n signature (bsc#1196444).\n - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)\n - arm64: mm: fix p?d_leaf() (git-fixes)\n - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds\n (git-fixes)\n - arm64: signal: nofpsimd: Do not allocate fp/simd context when not\n available (git-fixes).\n - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)\n - arm64: tegra: Remove non existent Tegra194 reset (git-fixes)\n - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)\n - arm: 9077/1: PLT: Move struct plt_entries definition to header\n (git-fixes).\n - arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link()\n (git-fixes).\n - arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).\n - arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without\n DYNAMIC_FTRACE (git-fixes).\n - asm-generic: sections: refactor memory_intersects (git-fixes).\n - asoc: SOF: debug: Fix potential buffer overflow by snprintf()\n (git-fixes).\n - asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes).\n - asoc: codecs: da7210: add check for i2c_add_driver (git-fixes).\n - asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV\n (git-fixes).\n - asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).\n - asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n (git-fixes).\n - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes).\n - asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).\n - asoc: tas2770: Allow mono streams (git-fixes).\n - asoc: tas2770: Reinit regcache on reset (git-fixes).\n - ata: libata-eh: Add missing command name (git-fixes).\n - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).\n - blk-iocost: clamp inuse and skip noops in __propagate_weights()\n (bsc#1202722).\n - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).\n - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).\n - blk-iocost: rename propagate_active_weights() to propagate_weights()\n (bsc#1202722).\n - blktrace: fix blk_rq_merge documentation (git-fixes).\n - bluetooth: L2CAP: Fix build errors in some archs (git-fixes).\n - bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).\n - bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).\n - bpf: Compile out btf_parse_module() if module BTF is not enabled\n (git-fixes).\n - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).\n - can: gs_usb: gs_can_open(): fix race dev->can.state condition\n (git-fixes).\n - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).\n - ceph: do not truncate file in atomic_open (bsc#1202811).\n - cgroup: Trace event cgroup id fields should be u64 (git-fixes).\n - cgroup: Use separate src/dst nodes when preloading css_sets for\n migration (bsc#1201610).\n - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n (bsc#1203906).\n - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).\n - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).\n - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).\n - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks\n (git-fixes).\n - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).\n - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).\n - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).\n - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).\n - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)\n - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)\n - devlink: Fix use-after-free after a failed reload (git-fixes).\n - dm raid: fix KASAN warning in raid5_add_disks (git-fixes).\n - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed\n (git-fixes).\n - dpaa2-eth: unregister the netdev before disconnecting from the PHY\n (git-fixes).\n - driver core: Do not probe devices after bus_type.match() probe deferral\n (git-fixes).\n - drm/amd/display: Limit user regamma to a valid value (git-fixes).\n - drm/amdgpu: Check BO's requested pinning domains against its\n preferred_domains (git-fixes).\n - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).\n - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).\n - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).\n - drm/amdgpu: remove useless condition in\n amdgpu_job_stop_all_jobs_on_sched() (git-fixes).\n - drm/amdgpu: use dirty framebuffer helper (git-fixes).\n - drm/gem: Fix GEM handle release errors (git-fixes).\n - drm/gem: Properly annotate WW context on drm_gem_lock_reservations()\n error (git-fixes).\n - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).\n - drm/i915/reg: Fix spelling mistake \"Unsupport\" -> \"Unsupported\"\n (git-fixes).\n - drm/meson: Correct OSD1 global alpha value (git-fixes).\n - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).\n - drm/meson: Fix overflow implicit truncation warnings (git-fixes).\n - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()\n (git-fixes).\n - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).\n - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).\n - drm/msm/dsi: fix the inconsistent indenting (git-fixes).\n - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).\n - drm/radeon: add a force flush to delay work when radeon (git-fixes).\n - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).\n - drm/sun4i: dsi: Prevent underflow when computing packet sizes\n (git-fixes).\n - dtb: Do not include sources in src.rpm - refer to kernel-source Same as\n other kernel binary packages there is no need to carry duplicate sources\n in dtb packages.\n - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).\n - ehea: fix error return code in ehea_restart_qps() (git-fixes).\n - enetc: Fix endianness issues for enetc_qos (git-fixes).\n - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()\n (git-fixes).\n - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).\n - ext4: add reserved GDT blocks check (bsc#1202712).\n - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).\n - ext4: do not use the orphan list when migrating an inode (bsc#1197756).\n - ext4: fix bug_on in ext4_writepages (bsc#1200872).\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).\n - ext4: fix invalid inode checksum (bsc#1179723).\n - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).\n - ext4: fix overhead calculation to account for the reserved gdt blocks\n (bsc#1200869).\n - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).\n - ext4: fix race when reusing xattr blocks (bsc#1198971).\n - ext4: fix symlink file size not match to file content (bsc#1200868).\n - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).\n - ext4: fix use-after-free in ext4_search_dir (bsc#1202710).\n - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).\n - ext4: force overhead calculation if the s_overhead_cluster makes no\n sense (bsc#1200870).\n - ext4: recover csum seed of tmp_inode after migrating to extents\n (bsc#1202713).\n - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).\n - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).\n - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).\n - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()\n (git-fixes).\n - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).\n - firmware: tegra: bpmp: Do only aligned access to IPC memory area\n (git-fixes).\n - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped\n pages (bsc#1200873).\n - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace\n is dead (git-fixes).\n - fuse: Remove the control interface for virtio-fs (bsc#1203137).\n - fuse: ioctl: translate ENOSYS (bsc#1203136).\n - fuse: limit nsec (bsc#1203135).\n - gadgetfs: ep_io - wait until IRQ finishes (git-fixes).\n - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).\n - geneve: fix TOS inheriting for ipv4 (git-fixes).\n - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx\n (git-fixes).\n - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).\n - hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes).\n - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message\n (git-fixes).\n - hid: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).\n - hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report\n (git-fixes).\n - hid: wacom: Do not register pad_input for touch switch (git-fixes).\n - hid: wacom: Only report rotation for art pen (git-fixes).\n - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info\n (bsc#1202701).\n - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).\n - i2c: imx: Make sure to unregister adapter on remove() (git-fixes).\n - ice: report supported and advertised autoneg using PHY capabilities\n (git-fixes).\n - ieee802154/adf7242: defer destroy_workqueue call (git-fixes).\n - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).\n - iio: adc: mcp3911: make use of the sign bit (git-fixes).\n - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).\n - ima: force signature verification when CONFIG_KEXEC_SIG is configured\n (bsc#1203737).\n - input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).\n - input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n (git-fixes).\n - input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n - input: rk805-pwrkey - fix module autoloading (git-fixes).\n - input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).\n - intel_th: pci: Add Meteor Lake-P support (git-fixes).\n - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).\n - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).\n - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement\n (git-fixes).\n - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop\n (git-fixes).\n - iommu/exynos: Handle failed IOMMU device registration properly\n (git-fixes).\n - iommu/iova: Improve 32-bit free space estimate (git-fixes).\n - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).\n - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).\n - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).\n - iommu/omap: Fix regression in probe for NULL pointer dereference\n (git-fixes).\n - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).\n - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).\n - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).\n - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)\n (git-fixes).\n - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).\n - ipmi: ssif: initialize ssif_info->client early (git-fixes).\n - ixgbevf: add correct exception tracing for XDP (git-fixes).\n - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal\n aborted (bsc#1202716).\n - jbd2: fix outstanding credits assert in\n jbd2_journal_commit_transaction() (bsc#1202715).\n - jfs: fix GPF in diFree (bsc#1203389).\n - jfs: fix memleak in jfs_mount (git-fixes).\n - jfs: more checks for invalid superblock (git-fixes).\n - jfs: prevent NULL deref in diFree (bsc#1203389).\n - kABI: x86: kexec: hide new include from genksyms (bsc#1196444).\n - kabi: cgroup: Restore KABI of css_set (bsc#1201610).\n - kbuild: do not create built-in objects for external module builds\n (jsc#SLE-24559 bsc#1202756).\n - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862\n git-fixes).\n - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).\n - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages\n - kernel-obs-build: include qemu_fw_cfg (boo#1201705)\n - kernel-source: include the kernel signature file We assume that the\n upstream tarball is used for released kernels. Then we can also include\n the signature file and keyring in the kernel-source src.rpm. Because of\n mkspec code limitation exclude the signature and keyring from binary\n packages always - mkspec does not parse spec conditionals.\n - kexec, KEYS, s390: Make use of built-in and secondary keyring for\n signature verification (bsc#1196444).\n - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).\n - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).\n - kexec: do not verify the signature without the lockdown or mandatory\n signature (bsc#1203737).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]\n (bsc#1196444).\n - kexec_file: drop weak attribute from functions (bsc#1196444).\n - kfifo: fix kfifo_to_user() return type (git-fixes).\n - kfifo: fix ternary sign extension bugs (git-fixes).\n - kvm: PPC: Book3S HV: Context tracking exit guest context before enabling\n irqs (bsc#1065729).\n - kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB\n (bsc#1156395).\n - kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()\n (bsc#1156395).\n - kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).\n - kvm: PPC: Use arch_get_random_seed_long instead of powernv variant\n (bsc#1156395).\n - kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled\n (git-fixes).\n - kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value\n (git-fixes).\n - kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case\n (git-fixes).\n - kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case\n (git-fixes).\n - kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks\n (git-fixes).\n - kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical\n #GP (git-fixes).\n - kvm: x86: accept userspace interrupt only if no event is injected\n (git-fixes).\n - lib/list_debug.c: Detect uninitialized lists (git-fixes).\n - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()\n (git-fixes).\n - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205\n (git-fixes).\n - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420\n ZDI-CAN-17325).\n - list: add \"list_del_init_careful()\" to go with \"list_empty_careful()\"\n (bsc#1202745).\n - locking/lockdep: Avoid potential access of invalid memory in lock_class\n (git-fixes).\n - loop: Fix missing discard support when using LOOP_CONFIGURE\n (bsc#1202718).\n - mbcache: add functions to delete entry if unused (bsc#1198971).\n - mbcache: do not reclaim used entries (bsc#1198971).\n - md-raid10: fix KASAN warning (git-fixes).\n - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).\n - md: call __md_stop_writes in md_stop (git-fixes).\n - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).\n - media: aspeed-video: ignore interrupts that are not enabled (git-fixes).\n - media: coda: Add more H264 levels for CODA960 (git-fixes).\n - media: coda: Fix reported H264 profile (git-fixes).\n - media: dvb_vb2: fix possible out of bound access (git-fixes).\n - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).\n - mfd: t7l66xb: Drop platform disable callback (git-fixes).\n - misc: fastrpc: fix memory corruption on open (git-fixes).\n - misc: fastrpc: fix memory corruption on probe (git-fixes).\n - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with\n @SOURCES@, just include the content there.\n - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse\n (git-fixes, bsc#1203098).\n - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).\n - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).\n - mm: pagewalk: Fix race between unmap and page walker (git-fixes,\n bsc#1203159).\n - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock\n (bsc#1201990).\n - mm: smaps*: extend smap_gather_stats to support specified beginning\n (bsc#1201990).\n - mmap locking API: add mmap_lock_is_contended() (bsc#1201990).\n - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).\n - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).\n - mmc: pxamci: Fix another error handling path in pxamci_probe()\n (git-fixes).\n - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols\n (git-fixes).\n - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).\n - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).\n - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).\n - mtd: rawnand: meson: Fix a potential double free issue (git-fixes).\n - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release\n (git-fixes).\n - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path\n (git-fixes).\n - net/mlx5e: Check for needed capability for cvlan matching (git-fixes).\n - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).\n - net: cpsw: Properly initialise struct page_pool_params (git-fixes).\n - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).\n - net: davinci_emac: Fix incorrect masking of tx and rx error channel\n (git-fixes).\n - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).\n - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).\n - net: enetc: Use pci_release_region() to release some resources\n (git-fixes).\n - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).\n - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).\n - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).\n - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).\n - net: ethernet: ezchip: fix error handling (git-fixes).\n - net: ethernet: ezchip: remove redundant check (git-fixes).\n - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).\n - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory\n (git-fixes).\n - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).\n - net: fec_ptp: add clock rate zero check (git-fixes).\n - net: hns: Fix kernel-doc (git-fixes).\n - net: lantiq: fix memory corruption in RX ring (git-fixes).\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).\n - net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).\n - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).\n - net: mscc: ocelot: correctly report the timestamping RX filters in\n ethtool (git-fixes).\n - net: mscc: ocelot: do not downgrade timestamping RX filters in\n SIOCSHWTSTAMP (git-fixes).\n - net: netcp: Fix an error message (git-fixes).\n - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).\n - net: rose: fix netdev reference changes (git-fixes).\n - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale\n pointer (git-fixes).\n - net: stmicro: handle clk_prepare() failure during init (git-fixes).\n - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).\n - net: stmmac: dwmac1000: Fix extended MAC address registers definition\n (git-fixes).\n - net: usb: qmi_wwan: add Quectel RM520N (git-fixes).\n - net: vmxnet3: fix possible NULL pointer dereference in\n vmxnet3_rq_cleanup() (bsc#1200431).\n - net: vmxnet3: fix possible use-after-free bugs in\n vmxnet3_rq_alloc_rx_buf() (bsc#1200431).\n - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c\n (bsc#1200431).\n - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n (git-fixes).\n - net:enetc: allocate CBD ring data memory using DMA coherent methods\n (git-fixes).\n - net_sched: cls_route: disallow handle of 0 (bsc#1202393).\n - nfs: fix nfs_path in case of a rename retry (git-fixes).\n - nfsd: Add missing NFSv2 .pc_func methods (git-fixes).\n - nfsd: Clamp WRITE offsets (git-fixes).\n - nfsd: Fix offset type in I/O trace points (git-fixes).\n - nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).\n - nfsd: fix use-after-free due to delegation race (git-fixes).\n - nfsd: prevent integer overflow on 32 bit systems (git-fixes).\n - nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes).\n - nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes).\n - nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly\n (git-fixes).\n - nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n - nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag\n (git-fixes).\n - nfsv4: Fix races in the legacy idmapper upcall (git-fixes).\n - nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).\n - nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error\n (git-fixes).\n - ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).\n - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).\n - nvme-rdma: Handle number of queue changes (bsc#1201865).\n - nvme-tcp: Handle number of queue changes (bsc#1201865).\n - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).\n - nvme: fix RCU hole that allowed for endless looping in multipath round\n robin (bsc#1202636).\n - nvmet: Expose max queues to configfs (bsc#1201865).\n - objtool: Add support for intra-function calls (bsc#1202396).\n - objtool: Make handle_insn_ops() unconditional (bsc#1202396).\n - objtool: Remove INSN_STACK (bsc#1202396).\n - objtool: Rework allocating stack_ops on decode (bsc#1202396).\n - objtool: Support multiple stack_op per instruction (bsc#1202396).\n - ocfs2: drop acl cache for directories too (bsc#1191667).\n - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).\n - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).\n - of/device: Fix up of_dma_configure_id() stub (git-fixes).\n - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).\n - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).\n - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).\n - parisc/sticon: fix reverse colors (bsc#1152489).\n - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)\n - pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes).\n - pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).\n - pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).\n - pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).\n - pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).\n - pci: hv: Make the code arch neutral by adding arch specific interfaces\n (bsc#1200845).\n - pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).\n - pci: hv: Reuse existing IRTE allocation in compose_msi_msg()\n (bsc#1200845).\n - pci: qcom: Fix pipe clock imbalance (git-fixes).\n - perf bench: Share some global variables to fix build with gcc 10\n (git-fixes).\n - pinctrl/rockchip: fix gpio device creation (git-fixes).\n - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n (git-fixes).\n - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).\n - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).\n - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).\n - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap\n fixes (git-fixes).\n - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).\n - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).\n - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).\n - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for\n PMI check in power_pmu_disable (bsc#1156395).\n - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).\n - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).\n - powerpc/powernv: Staticify functions without prototypes (bsc#1065729).\n - powerpc/powernv: delay rng platform device creation until later in boot\n (bsc#1065729).\n - powerpc/powernv: rename remaining rng powernv_ functions to pnv_\n (bsc#1065729).\n - powerpc/powernv: wire up rng during setup_arch (bsc#1065729).\n - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).\n - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).\n - powerpc: Enable execve syscall exit tracepoint (bsc#1065729).\n - powerpc: define get_cycles macro for arch-override (bsc#1065729).\n - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).\n - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n - profiling: fix shift too large makes kernel panic (git-fixes).\n - psi: Fix uaf issue when psi trigger is destroyed while being polled\n (bsc#1203909).\n - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).\n - random: fix crash on multiple early calls to add_bootloader_randomness()\n (git-fixes).\n - ratelimit: Fix data-races in ___ratelimit() (git-fixes).\n - regulator: core: Clean up on enable failure (git-fixes).\n - regulator: pfuze100: Fix the global-out-of-bounds access in\n pfuze100_regulator_probe() (git-fixes).\n - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr\n (bsc#1202714).\n - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config\n (git-fixes).\n - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).\n - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).\n - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)\n We do the move only on 15.5+.\n - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and\n print line are the same for both cases. The usrmerged case only ignores\n more, so refactor it to make it more obvious.\n - rpm/kernel-source.spec.in: simplify finding of broken symlinks \"find\n -xtype l\" will report them, so use that to make the search a bit faster\n (without using shell).\n - s390/crash: fix incorrect number of bytes to copy to user space\n (git-fixes).\n - s390/crash: make copy_oldmem_page() return number of bytes copied\n (git-fixes).\n - s390/mm: do not trigger write fault when vma does not allow VM_WRITE\n (git-fixes).\n - s390/mm: fix 2KB pgtable release race (git-fixes).\n - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594\n LTC#197522).\n - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).\n - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984\n LTC#199607).\n - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).\n - s390/qeth: improve selection of ethtool link modes (bsc#1202984\n LTC#199607).\n - s390/qeth: set static link info during initialization (bsc#1202984\n LTC#199607).\n - s390/qeth: tolerate error when querying card info (bsc#1202984\n LTC#199607).\n - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).\n - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid\n (git-fixes).\n - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).\n - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID\n cases (bsc#1203939).\n - scsi: lpfc: Add reporting capability for Link Degrade Signaling\n (bsc#1203939).\n - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE\n (bsc#1203063).\n - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).\n - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).\n - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).\n - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload\n (bsc#1203939).\n - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same\n NPort ID (bsc#1203939).\n - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for\n GFT_ID (bsc#1203063).\n - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).\n - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT\n discovery (bsc#1203063).\n - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).\n - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed\n phba (bsc#1185032 bsc#1203939).\n - scsi: lpfc: Remove SANDiags related code (bsc#1203063).\n - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).\n - scsi: lpfc: Remove unneeded result variable (bsc#1203939).\n - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd\n (bsc#1203939).\n - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE\n (bsc#1203939).\n - scsi: lpfc: Rework FDMI attribute registration for unintential padding\n (bsc#1203939).\n - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).\n - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency\n (bsc#1203939).\n - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager\n application (bsc#1203939).\n - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).\n - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).\n - scsi: mpt3sas: Fix use-after-free warning (git-fixes).\n - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status\n (bsc#1203935).\n - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()\n (bsc#1203935).\n - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX\n (bsc#1203935).\n - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1203935).\n - scsi: qla2xxx: Log message \"skipping scsi_scan_host()\" as informational\n (bsc#1203935).\n - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n - scsi: qla2xxx: Revert \"scsi: qla2xxx: Fix response queue handler reading\n stale packets\" (bsc#1203935).\n - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n - scsi: sg: Allow waiting for commands to complete on removed device\n (git-fixes).\n - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).\n - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).\n - scsi: smartpqi: Update LUN reset handler (bsc#1200622).\n - selftests: futex: Use variable MAKE instead of make (git-fixes).\n - serial: 8250_dw: Store LSR into lsr_saved_flags in\n dw8250_tx_wait_empty() (git-fixes).\n - serial: Create uart_xmit_advance() (git-fixes).\n - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).\n - serial: mvebu-uart: uart2 error bits clearing (git-fixes).\n - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - serial: tegra: Change lower tolerance baud rate limit for tegra20 and\n tegra30 (git-fixes).\n - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting\n (git-fixes).\n - silence nfscache allocation warnings with kvzalloc (git-fixes).\n - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n (git-fixes).\n - soc: sunxi: sram: Actually claim SRAM regions (git-fixes).\n - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).\n - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).\n - spi: Fix incorrect cs_setup delay handling (git-fixes).\n - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).\n - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).\n - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions\n (git-fixes).\n - squashfs: fix divide error in calculate_skip() (git-fixes).\n - staging: rtl8712: fix use after free bugs (git-fixes).\n - struct ehci_hcd: hide new member (git-fixes).\n - struct otg_fsm: hide new boolean member in gap (git-fixes).\n - sunrpc: Clean up scheduling of autoclose (git-fixes).\n - sunrpc: Do not call connect() more than once on a TCP socket (git-fixes).\n - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).\n - sunrpc: Do not leak sockets in xs_local_connect() (git-fixes).\n - sunrpc: Fix READ_PLUS crasher (git-fixes).\n - sunrpc: Fix misplaced barrier in call_decode (git-fixes).\n - sunrpc: Prevent immediate close+reconnect (git-fixes).\n - sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes).\n - sunrpc: Reinitialise the backchannel request buffers before reuse\n (git-fixes).\n - sunrpc: fix expiry of auth creds (git-fixes).\n - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).\n - tee: optee: Fix incorrect page free bug (git-fixes).\n - thermal: Fix NULL pointer dereferences in of_thermal_ functions\n (git-fixes).\n - thermal: sysfs: Fix cooling_device_stats_setup() error code path\n (git-fixes).\n - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).\n - tools/thermal: Fix possible path truncations (git-fixes).\n - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).\n - tracing/histograms: Fix memory leak problem (git-fixes).\n - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).\n - tracing: Add ustring operation to filtering string pointers (git-fixes).\n - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).\n - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data\n (git-fixes).\n - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).\n - tty: serial: lpuart: disable flow control while waiting for the transmit\n engine to complete (git-fixes).\n - tty: vt: initialize unicode screen buffer (git-fixes).\n - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n - usb.h: struct usb_device: hide new member (git-fixes).\n - usb: add quirks for Lenovo OneLink+ Dock (git-fixes).\n - usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n - usb: core: Fix RST error in hub.c (git-fixes).\n - usb: core: Prevent nested device-reset calls (git-fixes).\n - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).\n - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).\n - usb: dwc3: disable USB core PHY management (git-fixes).\n - usb: dwc3: ep0: Fix delay status handling (git-fixes).\n - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind\n (git-fixes).\n - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).\n - usb: dwc3: gadget: Fix IN endpoint max packet size allocation\n (git-fixes).\n - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).\n - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).\n - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).\n - usb: dwc3: gadget: Remove unnecessary checks (git-fixes).\n - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback\n (git-fixes).\n - usb: dwc3: gadget: Store resource index of start cmd (git-fixes).\n - usb: dwc3: qcom: fix missing optional irq warnings.\n - usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).\n - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS\n (git-fixes).\n - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).\n - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).\n - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of\n uvcg_info (git-fixes).\n - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).\n - usb: otg-fsm: Fix hrtimer list corruption (git-fixes).\n - usb: renesas: Fix refcount leak bug (git-fixes).\n - usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).\n - usb: serial: ch341: fix lost character on LCR updates (git-fixes).\n - usb: serial: ch341: name prescaler, divisor registers (git-fixes).\n - usb: serial: cp210x: add Decagon UCA device id (git-fixes).\n - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).\n - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).\n - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).\n - usb: serial: option: add Quectel EM060K modem (git-fixes).\n - usb: serial: option: add Quectel RM520N (git-fixes).\n - usb: serial: option: add Quectel RM520N (git-fixes).\n - usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode\n (git-fixes).\n - usb: serial: option: add support for OPPO R11 diag port (git-fixes).\n - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).\n - usb: typec: altmodes/displayport: correct pin assignment for UFP\n receptacles (git-fixes).\n - usb: typec: ucsi: Remove incorrect warning (git-fixes).\n - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).\n - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).\n - usb: xhci-mtk: add some schedule error number (git-fixes).\n - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).\n - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).\n - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule\n (git-fixes).\n - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).\n - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).\n - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).\n - vboxguest: Do not use devm for irq (git-fixes).\n - vfio/ccw: Remove UUID from s390 debug log (git-fixes).\n - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).\n - video: fbdev: arkfb: Check the size of screen before memset_io()\n (git-fixes).\n - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()\n (git-fixes).\n - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).\n - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write\n (git-fixes).\n - video: fbdev: s3fb: Check the size of screen before memset_io()\n (git-fixes).\n - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).\n - video: fbdev: vt8623fb: Check the size of screen before memset_io()\n (git-fixes).\n - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).\n - vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).\n - vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,\n jsc#SLE-24635).\n - vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC\n (bsc#1199291, jsc#SLE-24635).\n - vmci: Fix some error handling paths in vmci_guest_probe_device()\n (bsc#1199291, jsc#SLE-24635).\n - vmci: Release notification_bitmap in error path (bsc#1199291,\n jsc#SLE-24635).\n - vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).\n - vmci: dma dg: add support for DMA datagrams receive (bsc#1199291,\n jsc#SLE-24635).\n - vmci: dma dg: add support for DMA datagrams sends (bsc#1199291,\n jsc#SLE-24635).\n - vmci: dma dg: allocate send and receive buffers for DMA datagrams\n (bsc#1199291, jsc#SLE-24635).\n - vmci: dma dg: detect DMA datagram capability (bsc#1199291,\n jsc#SLE-24635).\n - vmci: dma dg: register dummy IRQ handlers for DMA datagrams\n (bsc#1199291, jsc#SLE-24635).\n - vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).\n - vmci: dma dg: whitespace formatting change for vmci register defines\n (bsc#1199291, jsc#SLE-24635).\n - vmxnet3: Implement ethtool's get_channels command (bsc#1200431).\n - vmxnet3: Record queue number to incoming packets (bsc#1200431).\n - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).\n - vmxnet3: add command to set ring buffer sizes (bsc#1200431).\n - vmxnet3: add support for capability registers (bsc#1200431).\n - vmxnet3: add support for large passthrough BAR register (bsc#1200431).\n - vmxnet3: add support for out of order rx completion (bsc#1200431).\n - vmxnet3: disable overlay offloads if UPT device does not support\n (bsc#1200431).\n - vmxnet3: do not reschedule napi for rx processing (bsc#1200431).\n - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).\n - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).\n - vmxnet3: prepare for version 7 changes (bsc#1200431).\n - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).\n - vmxnet3: update to version 7 (bsc#1200431).\n - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).\n - vsock: Fix memory leak in vsock_connect() (git-fixes).\n - vsock: Set socket state back to SS_UNCONNECTED in\n vsock_connect_timeout() (git-fixes).\n - vt: Clear selection before changing the font (git-fixes).\n - vt: selection, introduce vc_is_sel (git-fixes).\n - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in\n armada_37xx_wdt_probe() (git-fixes).\n - watchdog: wdat_wdt: Set the min and max timeout values properly\n (bsc#1194023).\n - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()\n (git-fixes).\n - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: mac80211: Do not finalize CSA in IBSS mode if state is\n disconnected (git-fixes).\n - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).\n - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).\n - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).\n - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).\n - x86/bugs: Reenable retbleed=off While for older kernels the return\n thunks are statically built in and cannot be dynamically patched out,\n retbleed=off should still work so that it can be disabled.\n - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).\n - x86/olpc: fix 'logical not is only applied to the left hand side'\n (git-fixes).\n - x86/xen: Remove undefined behavior in setup_features() (git-fixes).\n - xen/xenbus: fix return type in xenbus_file_read() (git-fixes).\n - xfs: Fix assert failure in xfs_setattr_size() (git-fixes).\n - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).\n - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).\n - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).\n - xfs: mark a data structure sick if there are cross-referencing errors\n (git-fixes).\n - xfs: only reset incore inode health state flags when reclaiming an inode\n (git-fixes).\n - xfs: prevent a UAF when log IO errors race with unmount (git-fixes).\n - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).\n - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).\n - xprtrdma: Fix cwnd update ordering (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3809=1\n\n - SUSE Linux Enterprise Module for Realtime 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-3809=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3809=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3809=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-31T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3695", "CVE-2020-16119", "CVE-2020-27784", "CVE-2021-4155", "CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2663", "CVE-2022-2905", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-3169", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-36879", "CVE-2022-39188", "CVE-2022-39190", "CVE-2022-40768", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2022-10-31T00:00:00", "id": "SUSE-SU-2022:3809-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LJICZKVJDVME5I426RHINRC4LIKDKOF/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2022-10-18T15:38:29", "description": "An update that solves 26 vulnerabilities, contains two\n features and has 89 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-39190: Fixed an issue that was discovered in\n net/netfilter/nf_tables_api.c and could cause a denial of service upon\n binding to an already bound chain (bnc#1203117).\n - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where\n a device driver can free a page while it still has stale TLB entries\n (bnc#1203107).\n - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in\n net/xfrm/xfrm_policy.c where a refcount could be dropped twice\n (bnc#1201948).\n - CVE-2022-3028: Fixed race condition that was found in the IP framework\n for transforming packets (XFRM subsystem) (bnc#1202898).\n - CVE-2022-2977: Fixed reference counting for struct tpm_chip\n (bsc#1202672).\n - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke\n descriptors (bsc#1202564, bsc#1202860).\n - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where\n the message handling could be confused and incorrectly matches the\n message (bnc#1202097).\n - CVE-2022-2639: Fixed an integer coercion error that was found in the\n openvswitch kernel module (bnc#1202154).\n - CVE-2022-26373: Fixed non-transparent sharing of return predictor\n targets between contexts in some Intel Processors (bnc#1201726).\n - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).\n - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of\n v4l2-mem2mem.c (bnc#1202347).\n - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()\n (bsc#1202346).\n - CVE-2021-4203: Fixed use-after-free read flaw that was found in\n sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (bnc#1194535).\n - CVE-2021-4155: Fixed a data leak flaw that was found in the way\n XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).\n - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where\n an attacker was able to inject data into or terminate a victim's TCP\n session (bnc#1196616).\n - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()\n printer_ioctl() when accessing a deallocated instance (bnc#1202895).\n - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in\n drivers/acpi/apei/einj.c that allowed users to simulate hardware errors\n and consequently cause a denial of service (bnc#1023051).\n - CVE-2022-3303: Fixed a race condition in the sound subsystem due to\n improper locking (bnc#1203769).\n - CVE-2022-41218: Fixed an use-after-free caused by refcount races in\n drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that\n could lead a local user to able to crash the system or escalate their\n privileges (bnc#1203552).\n - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a PCMCIA device while calling\n ioctl (bnc#1203987).\n - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a\n physically proximate attacker removes a USB device while calling open\n (bnc#1203992).\n - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft\n table is deleted (bnc#1202095).\n - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap\n lock is not held during a PUD move (bnc#1203622).\n - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads\n allowed users with root privileges to switch out the target with an\n equivalent dm-linear target and bypass verification till reboot. This\n allowed root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel\n execution and persistence for peripherals that do not verify firmware\n updates (bnc#1202677).\n - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a\n local attacker due to reuse of a DCCP socket. (bnc#1177471)\n\n The following non-security bugs were fixed:\n\n - ACPI: APEI: Better fix to avoid spamming the console with old error logs\n (git-fixes).\n - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).\n - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks\n (git-fixes).\n - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).\n - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).\n - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).\n - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool\n (git-fixes).\n - ACPI: video: Force backlight native for some TongFang devices\n (git-fixes).\n - ACPI: video: Shortening quirk list by identifying Clevo by board_name\n only (git-fixes).\n - ALSA: aloop: Fix random zeros in capture data when using jiffies timer\n (git-fixes).\n - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).\n - ALSA: emu10k1: Fix out of bounds access in\n snd_emu10k1_pcm_channel_alloc() (git-fixes).\n - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).\n - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model\n (git-fixes).\n - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED\n (git-fixes).\n - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).\n - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).\n - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).\n - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).\n - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).\n - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).\n - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).\n - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise\n (git-fixes).\n - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).\n - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).\n - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).\n - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).\n - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).\n - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine\n (git-fixes).\n - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP\n machines (git-fixes).\n - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).\n - ALSA: info: Fix llseek return value when using callback (git-fixes).\n - ALSA: seq: Fix data-race at module auto-loading (git-fixes).\n - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).\n - ALSA: usb-audio: Fix an out-of-bounds bug in\n __snd_usb_parse_audio_interface() (git-fixes).\n - ALSA: usb-audio: fix spelling mistakes (git-fixes).\n - ALSA: usb-audio: Inform the delayed registration more properly\n (git-fixes).\n - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II\n (git-fixes).\n - ALSA: usb-audio: Register card again for iface over delayed_register\n option (git-fixes).\n - ALSA: usb-audio: Split endpoint setups for hw_params and prepare\n (git-fixes).\n - ARM: 9077/1: PLT: Move struct plt_entries definition to header\n (git-fixes).\n - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()\n (git-fixes).\n - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).\n - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without\n DYNAMIC_FTRACE (git-fixes).\n - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1\n (git-fixes)\n - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)\n - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to\n (bsc#1202341)\n - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id\n (git-fixes)\n - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)\n - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma\n (git-fixes)\n - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)\n - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)\n - arm64: kexec_file: use more system keyrings to verify kernel image\n signature (bsc#1196444).\n - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)\n - arm64: mm: fix p?d_leaf() (git-fixes)\n - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds\n (git-fixes)\n - arm64: mm: Validate hotplug range before creating linear mapping\n (git-fixes)\n - arm64: signal: nofpsimd: Do not allocate fp/simd context when not\n available (git-fixes).\n - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)\n - arm64: tegra: Remove non existent Tegra194 reset (git-fixes)\n - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)\n - asm-generic: sections: refactor memory_intersects (git-fixes).\n - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).\n - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).\n - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV\n (git-fixes).\n - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).\n - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n (git-fixes).\n - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).\n - ASoC: SOF: debug: Fix potential buffer overflow by snprintf()\n (git-fixes).\n - ASoC: tas2770: Allow mono streams (git-fixes).\n - ata: libata-eh: Add missing command name (git-fixes).\n - ath10k: do not enforce interrupt trigger type (git-fixes).\n - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).\n - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).\n - blk-iocost: clamp inuse and skip noops in __propagate_weights()\n (bsc#1202722).\n - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).\n - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).\n - blk-iocost: rename propagate_active_weights() to propagate_weights()\n (bsc#1202722).\n - blktrace: fix blk_rq_merge documentation (git-fixes).\n - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).\n - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).\n - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).\n - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put\n (git-fixes).\n - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).\n - bpf: Compile out btf_parse_module() if module BTF is not enabled\n (git-fixes).\n - bus: hisi_lpc: fix missing platform_device_put() in\n hisi_lpc_acpi_probe() (git-fixes).\n - can: Break loopback loop on loopback documentation (git-fixes).\n - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).\n - can: error: specify the values of data[5..7] of CAN error frames\n (git-fixes).\n - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).\n - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: m_can: process interrupt only when not runtime suspended\n (git-fixes).\n - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: pch_can: pch_can_error(): initialize errc before using it\n (git-fixes).\n - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).\n - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).\n - ceph: do not truncate file in atomic_open (bsc#1202811).\n - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n (bsc#1203906).\n - cgroup: Trace event cgroup id fields should be u64 (git-fixes).\n - cgroup: Use separate src/dst nodes when preloading css_sets for\n migration (bsc#1201610).\n - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).\n - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).\n - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).\n - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain\n (git-fixes).\n - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).\n - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).\n - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).\n - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).\n - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks\n (git-fixes).\n - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).\n - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).\n - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).\n - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).\n - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)\n - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)\n - devlink: Fix use-after-free after a failed reload (git-fixes).\n - dm raid: fix KASAN warning in raid5_add_disks (git-fixes).\n - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed\n (git-fixes).\n - dpaa2-eth: unregister the netdev before disconnecting from the PHY\n (git-fixes).\n - driver core: Do not probe devices after bus_type.match() probe deferral\n (git-fixes).\n - driver core: fix potential deadlock in __driver_attach (git-fixes).\n - drm: adv7511: override i2c address of cec before accessing it\n (git-fixes).\n - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).\n - drm: bridge: sii8620: fix possible off-by-one (git-fixes).\n - drm/amd/display: Enable building new display engine with KCOV enabled\n (git-fixes).\n - drm/amdgpu: Check BO's requested pinning domains against its\n preferred_domains (git-fixes).\n - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).\n - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).\n - drm/amdgpu: remove useless condition in\n amdgpu_job_stop_all_jobs_on_sched() (git-fixes).\n - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).\n - drm/doc: Fix comment typo (git-fixes).\n - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()\n failed (git-fixes).\n - drm/gem: Fix GEM handle release errors (git-fixes).\n - drm/gem: Properly annotate WW context on drm_gem_lock_reservations()\n error (git-fixes).\n - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).\n - drm/i915/reg: Fix spelling mistake \"Unsupport\" -> \"Unsupported\"\n (git-fixes).\n - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).\n - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function\n (git-fixes).\n - drm/mediatek: dpi: Only enable dpi after the bridge is enabled\n (git-fixes).\n - drm/mediatek: dpi: Remove output format of YUV (git-fixes).\n - drm/meson: Correct OSD1 global alpha value (git-fixes).\n - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).\n - drm/meson: Fix overflow implicit truncation warnings (git-fixes).\n - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()\n (git-fixes).\n - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).\n - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).\n - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).\n - drm/msm/dsi: fix the inconsistent indenting (git-fixes).\n - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform\n (git-fixes).\n - drm/msm/mdp5: Fix global state lock backoff (git-fixes).\n - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).\n - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).\n - drm/radeon: add a force flush to delay work when radeon (git-fixes).\n - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).\n - drm/radeon: fix potential buffer overflow in\n ni_set_mc_special_registers() (git-fixes).\n - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).\n - drm/rockchip: vop: Do not crash for invalid duplicate_state()\n (git-fixes).\n - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).\n - drm/sun4i: dsi: Prevent underflow when computing packet sizes\n (git-fixes).\n - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable\n iteration (git-fixes).\n - drm/vc4: dsi: Correct DSI divider calculations (git-fixes).\n - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).\n - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes\n (git-fixes).\n - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).\n - drm/vc4: plane: Fix margin calculations for the right/bottom edges\n (git-fixes).\n - drm/vc4: plane: Remove subpixel positioning check (git-fixes).\n - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).\n - ehea: fix error return code in ehea_restart_qps() (git-fixes).\n - enetc: Fix endianness issues for enetc_qos (git-fixes).\n - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()\n (git-fixes).\n - ext4: add reserved GDT blocks check (bsc#1202712).\n - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).\n - ext4: do not use the orphan list when migrating an inode (bsc#1197756).\n - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).\n - ext4: fix bug_on in ext4_writepages (bsc#1200872).\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).\n - ext4: fix invalid inode checksum (bsc#1179723).\n - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).\n - ext4: fix overhead calculation to account for the reserved gdt blocks\n (bsc#1200869).\n - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).\n - ext4: fix race when reusing xattr blocks (bsc#1198971).\n - ext4: fix symlink file size not match to file content (bsc#1200868).\n - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).\n - ext4: fix use-after-free in ext4_search_dir (bsc#1202710).\n - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).\n - ext4: force overhead calculation if the s_overhead_cluster makes no\n sense (bsc#1200870).\n - ext4: recover csum seed of tmp_inode after migrating to extents\n (bsc#1202713).\n - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).\n - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).\n - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).\n - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()\n (git-fixes).\n - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).\n - firmware: tegra: bpmp: Do only aligned access to IPC memory area\n (git-fixes).\n - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).\n - fpga: altera-pr-ip: fix unsigned comparison with less than zero\n (git-fixes).\n - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped\n pages (bsc#1200873).\n - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace\n is dead (git-fixes).\n - fuse: ioctl: translate ENOSYS (bsc#1203136).\n - fuse: limit nsec (bsc#1203135).\n - fuse: Remove the control interface for virtio-fs (bsc#1203137).\n - gadgetfs: ep_io - wait until IRQ finishes (git-fixes).\n - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).\n - geneve: fix TOS inheriting for ipv4 (git-fixes).\n - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()\n (git-fixes).\n - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx\n (git-fixes).\n - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).\n - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).\n - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).\n - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message\n (git-fixes).\n - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).\n - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report\n (git-fixes).\n - HID: wacom: Do not register pad_input for touch switch (git-fixes).\n - HID: wacom: Only report rotation for art pen (git-fixes).\n - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info\n (bsc#1202701).\n - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).\n - i2c: cadence: Support PEC for SMBus block read (git-fixes).\n - i2c: Fix a potential use after free (git-fixes).\n - i2c: imx: Make sure to unregister adapter on remove() (git-fixes).\n - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).\n - ice: report supported and advertised autoneg using PHY capabilities\n (git-fixes).\n - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).\n - ieee802154/adf7242: defer destroy_workqueue call (git-fixes).\n - iio: accel: bma220: Fix alignment for DMA safety (git-fixes).\n - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).\n - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1027: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max11100: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1118: Fix alignment for DMA safety (git-fixes).\n - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).\n - iio: adc: mcp3911: make use of the sign bit (git-fixes).\n - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).\n - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).\n - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).\n - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large\n (git-fixes).\n - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).\n - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).\n - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).\n - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).\n - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).\n - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).\n - ima: force signature verification when CONFIG_KEXEC_SIG is configured\n (bsc#1203737).\n - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).\n - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n (git-fixes).\n - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n - Input: rk805-pwrkey - fix module autoloading (git-fixes).\n - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).\n - intel_th: Fix a resource leak in an error handling path (git-fixes).\n - intel_th: msu-sink: Potential dereference of null pointer (git-fixes).\n - intel_th: msu: Fix vmalloced buffers (git-fixes).\n - intel_th: pci: Add Meteor Lake-P support (git-fixes).\n - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).\n - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).\n - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement\n (git-fixes).\n - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop\n (git-fixes).\n - iommu/exynos: Handle failed IOMMU device registration properly\n (git-fixes).\n - iommu/iova: Improve 32-bit free space estimate (git-fixes).\n - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).\n - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).\n - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).\n - iommu/omap: Fix regression in probe for NULL pointer dereference\n (git-fixes).\n - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)\n (git-fixes).\n - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).\n - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).\n - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).\n - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).\n - ipmi: ssif: initialize ssif_info->client early (git-fixes).\n - ixgbevf: add correct exception tracing for XDP (git-fixes).\n - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal\n aborted (bsc#1202716).\n - jbd2: fix outstanding credits assert in\n jbd2_journal_commit_transaction() (bsc#1202715).\n - jfs: fix GPF in diFree (bsc#1203389).\n - JFS: fix memleak in jfs_mount (git-fixes).\n - JFS: more checks for invalid superblock (git-fixes).\n - jfs: prevent NULL deref in diFree (bsc#1203389).\n - kABI: cgroup: Restore KABI of css_set (bsc#1201610).\n - kABI: x86: kexec: hide new include from genksyms (bsc#1196444).\n - kabi/severities: add stmmac driver local sumbols\n - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).\n - kexec: do not verify the signature without the lockdown or mandatory\n signature (bsc#1203737).\n - kexec: drop weak attribute from arch_kexec_apply_relocations[_add]\n (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - kexec: drop weak attribute from functions (bsc#1196444).\n - kexec: KEYS, s390: Make use of built-in and secondary keyring for\n signature verification (bsc#1196444).\n - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).\n - kfifo: fix kfifo_to_user() return type (git-fixes).\n - kfifo: fix ternary sign extension bugs (git-fixes).\n - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2\n (bsc#1201442)\n - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value\n (git-fixes).\n - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case\n (git-fixes).\n - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case\n (git-fixes).\n - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling\n irqs (bsc#1065729).\n - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB\n (bsc#1156395).\n - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()\n (bsc#1156395).\n - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).\n - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant\n (bsc#1156395).\n - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled\n (git-fixes).\n - KVM: x86: accept userspace interrupt only if no event is injected\n (git-fixes).\n - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks\n (git-fixes).\n - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical\n #GP (git-fixes).\n - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()\n (git-fixes).\n - lib/list_debug.c: Detect uninitialized lists (git-fixes).\n - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420\n ZDI-CAN-17325).\n - list: add \"list_del_init_careful()\" to go with \"list_empty_careful()\"\n (bsc#1202745).\n - locking/lockdep: Avoid potential access of invalid memory in lock_class\n (git-fixes).\n - loop: Fix missing discard support when using LOOP_CONFIGURE\n (bsc#1202718).\n - mbcache: add functions to delete entry if unused (bsc#1198971).\n - mbcache: do not reclaim used entries (bsc#1198971).\n - md-raid10: fix KASAN warning (git-fixes).\n - md: call __md_stop_writes in md_stop (git-fixes).\n - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).\n - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).\n - media: hdpvr: fix error value returns in hdpvr_read (git-fixes).\n - media: rc: increase rc-mm tolerance and add debug message (git-fixes).\n - media: rtl28xxu: add missing sleep before probing slave demod\n (git-fixes).\n - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle\n (git-fixes).\n - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).\n - media: smipcie: fix interrupt handling and IR timeout (git-fixes).\n - media: tw686x: Register the irq at the end of probe (git-fixes).\n - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()\n (git-fixes).\n - media: v4l2-mem2mem: always consider OUTPUT queue during poll\n (git-fixes).\n - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).\n - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()\n (git-fixes).\n - memstick/ms_block: Fix a memory leak (git-fixes).\n - memstick/ms_block: Fix some incorrect memory allocation (git-fixes).\n - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).\n - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).\n - mfd: t7l66xb: Drop platform disable callback (git-fixes).\n - misc: fastrpc: fix memory corruption on open (git-fixes).\n - misc: fastrpc: fix memory corruption on probe (git-fixes).\n - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).\n - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).\n - mm: fix page reference leak in soft_offline_page() (git fixes\n (mm/memory-failure)).\n - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).\n - mm: pagewalk: Fix race between unmap and page walker (git-fixes,\n bsc#1203159).\n - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock\n (bsc#1201990).\n - mm: rmap: Fix anon_vma->degree ambiguity leading to double-reuse\n (git-fixes, bsc#1203098).\n - mm: smaps*: extend smap_gather_stats to support specified beginning\n (bsc#1201990).\n - mmap locking API: add mmap_lock_is_contended() (bsc#1201990).\n - mmc: cavium-octeon: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).\n - mmc: pxamci: Fix another error handling path in pxamci_probe()\n (git-fixes).\n - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).\n - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n (git-fixes).\n - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols\n (git-fixes).\n - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n (git-fixes).\n - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle\n (git-fixes).\n - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).\n - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).\n - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).\n - mtd: rawnand: meson: Fix a potential double free issue (git-fixes).\n - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release\n (git-fixes).\n - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path\n (git-fixes).\n - net_sched: cls_route: disallow handle of 0 (bsc#1202393).\n - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).\n - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).\n - net: cpsw: Properly initialise struct page_pool_params (git-fixes).\n - net: davinci_emac: Fix incorrect masking of tx and rx error channel\n (git-fixes).\n - net: dsa: b53: fix an off by one in checking \"vlan->vid\" (git-fixes).\n - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).\n - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).\n - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).\n - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).\n - net: enetc: Use pci_release_region() to release some resources\n (git-fixes).\n - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).\n - net: ethernet: ezchip: fix error handling (git-fixes).\n - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).\n - net: ethernet: ezchip: remove redundant check (git-fixes).\n - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).\n - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory\n (git-fixes).\n - net: fec_ptp: add clock rate zero check (git-fixes).\n - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).\n - net: ftgmac100: Fix crash when removing driver (git-fixes).\n - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).\n - net: hns: Fix kernel-doc (git-fixes).\n - net: lantiq: fix memory corruption in RX ring (git-fixes).\n - net: lapbether: Prevent racing when checking whether the netif is\n running (git-fixes).\n - net: mana: Add rmb after checking owner bits (git-fixes).\n - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).\n - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).\n - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).\n - net: mscc: ocelot: correctly report the timestamping RX filters in\n ethtool (git-fixes).\n - net: mscc: ocelot: do not downgrade timestamping RX filters in\n SIOCSHWTSTAMP (git-fixes).\n - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).\n - net: netcp: Fix an error message (git-fixes).\n - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).\n - net: rose: fix netdev reference changes (git-fixes).\n - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale\n pointer (git-fixes).\n - net: stmicro: handle clk_prepare() failure during init (git-fixes).\n - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).\n - net: stmmac: dwmac1000: Fix extended MAC address registers definition\n (git-fixes).\n - net: stmmac: Modify configuration method of EEE timers (git-fixes).\n - net: stmmac: Use resolved link config in mac_link_up() (git-fixes).\n - net: vmxnet3: fix possible NULL pointer dereference in\n vmxnet3_rq_cleanup() (bsc#1200431).\n - net: vmxnet3: fix possible use-after-free bugs in\n vmxnet3_rq_alloc_rx_buf() (bsc#1200431).\n - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c\n (bsc#1200431).\n - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n (git-fixes).\n - net:enetc: allocate CBD ring data memory using DMA coherent methods\n (git-fixes).\n - net/mlx5e: Check for needed capability for cvlan matching (git-fixes).\n - net/sonic: Fix a resource leak in an error handling path in\n 'jazz_sonic_probe()' (git-fixes).\n - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n - NFS: Fix races in the legacy idmapper upcall (git-fixes).\n - NFS: Fix second deadlock in nfs4_evict_inode() (git-fixes).\n - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).\n - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error\n (git-fixes).\n - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n - NFS: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag\n (git-fixes).\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n - NFSD: Clamp WRITE offsets (git-fixes).\n - NFSD: Fix offset type in I/O trace points (git-fixes).\n - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).\n - NFSD: fix use-after-free due to delegation race (git-fixes).\n - NFSD: prevent integer overflow on 32 bit systems (git-fixes).\n - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).\n - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).\n - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).\n - nvme-rdma: Handle number of queue changes (bsc#1201865).\n - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).\n - nvme-tcp: Handle number of queue changes (bsc#1201865).\n - nvme: fix RCU hole that allowed for endless looping in multipath round\n robin (bsc#1202636).\n - nvmet: Expose max queues to configfs (bsc#1201865).\n - objtool: Add support for intra-function calls (bsc#1202396).\n - objtool: Make handle_insn_ops() unconditional (bsc#1202396).\n - objtool: Remove INSN_STACK (bsc#1202396).\n - objtool: Rework allocating stack_ops on decode (bsc#1202396).\n - objtool: Support multiple stack_op per instruction (bsc#1202396).\n - ocfs2: drop acl cache for directories too (bsc#1191667).\n - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).\n - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).\n - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).\n - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).\n - of/device: Fix up of_dma_configure_id() stub (git-fixes).\n - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).\n - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()\n (git-fixes).\n - PCI: dwc: Always enable CDM check if \"snps,enable-cdm-check\" exists\n (git-fixes).\n - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).\n - PCI: dwc: Disable outbound windows only for controllers using iATU\n (git-fixes).\n - PCI: dwc: Stop link on host_init errors and de-initialization\n (git-fixes).\n - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).\n - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).\n - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).\n - PCI: hv: Make the code arch neutral by adding arch specific interfaces\n (bsc#1200845).\n - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).\n - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()\n (bsc#1200845).\n - PCI: qcom: Fix pipe clock imbalance (git-fixes).\n - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).\n - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).\n - PCI: tegra194: Fix link up retry sequence (git-fixes).\n - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()\n (git-fixes).\n - PCI: tegra194: Fix Root Port interrupt handling (git-fixes).\n - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).\n - PCI/portdrv: Do not disable AER reporting in\n get_port_device_capability() (git-fixes).\n - perf bench: Share some global variables to fix build with gcc 10\n (git-fixes).\n - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n (git-fixes).\n - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).\n - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).\n - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).\n - pinctrl/rockchip: fix gpio device creation (git-fixes).\n - platform/olpc: Fix uninitialized data in debugfs write (git-fixes).\n - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap\n fixes (git-fixes).\n - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).\n - PM: runtime: Remove link state checks in rpm_get/put_supplier()\n (git-fixes).\n - powerpc: define get_cycles macro for arch-override (bsc#1065729).\n - powerpc: Enable execve syscall exit tracepoint (bsc#1065729).\n - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).\n - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).\n - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).\n - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for\n PMI check in power_pmu_disable (bsc#1156395).\n - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).\n - powerpc/powernv: delay rng platform device creation until later in boot\n (bsc#1065729).\n - powerpc/powernv: rename remaining rng powernv_ functions to pnv_\n (bsc#1065729).\n - powerpc/powernv: Staticify functions without prototypes (bsc#1065729).\n - powerpc/powernv: wire up rng during setup_arch (bsc#1065729).\n - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).\n - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).\n - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).\n - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n - profiling: fix shift too large makes kernel panic (git-fixes).\n - profiling: fix shift-out-of-bounds bugs (git fixes).\n - psi: Fix uaf issue when psi trigger is destroyed while being polled\n (bsc#1203909).\n - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).\n - random: fix crash on multiple early calls to add_bootloader_randomness()\n (git-fixes).\n - random: remove useless header comment (git fixes).\n - ratelimit: Fix data-races in ___ratelimit() (git-fixes).\n - regulator: core: Clean up on enable failure (git-fixes).\n - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n (git-fixes).\n - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr\n (bsc#1202714).\n - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config\n (git-fixes).\n - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).\n - s390/crash: fix incorrect number of bytes to copy to user space\n (git-fixes).\n - s390/crash: make copy_oldmem_page() return number of bytes copied\n (git-fixes).\n - s390/mm: do not trigger write fault when vma does not allow VM_WRITE\n (git-fixes).\n - s390/mm: fix 2KB pgtable release race (git-fixes).\n - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594\n LTC#197522).\n - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).\n - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984\n LTC#199607).\n - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).\n - s390/qeth: improve selection of ethtool link modes (bsc#1202984\n LTC#199607).\n - s390/qeth: set static link info during initialization (bsc#1202984\n LTC#199607).\n - s390/qeth: tolerate error when querying card info (bsc#1202984\n LTC#199607).\n - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).\n - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)\n - sched/fair: Revise comment about lb decision matrix (git fixes\n (sched/fair)).\n - sched/membarrier: fix missing local execution of ipi_sync_rq_state()\n (git fixes (sched/membarrier)).\n - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid\n (git-fixes).\n - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).\n - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID\n cases (bsc#1203939).\n - scsi: lpfc: Add reporting capability for Link Degrade Signaling\n (bsc#1203939).\n - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE\n (bsc#1203063).\n - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).\n - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).\n - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).\n - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload\n (bsc#1203939).\n - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same\n NPort ID (bsc#1203939).\n - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for\n GFT_ID (bsc#1203063).\n - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).\n - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT\n discovery (bsc#1203063).\n - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).\n - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed\n phba (bsc#1185032 bsc#1203939).\n - scsi: lpfc: Remove SANDiags related code (bsc#1203063).\n - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).\n - scsi: lpfc: Remove unneeded result variable (bsc#1203939).\n - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd\n (bsc#1203939).\n - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE\n (bsc#1203939).\n - scsi: lpfc: Rework FDMI attribute registration for unintential padding\n (bsc#1203939).\n - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency\n (bsc#1203939).\n - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).\n - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager\n application (bsc#1203939).\n - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).\n - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).\n - scsi: mpt3sas: Fix use-after-free warning (git-fixes).\n - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status\n (bsc#1203935).\n - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()\n (bsc#1203935).\n - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX\n (bsc#1203935).\n - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1203935).\n - scsi: qla2xxx: Log message \"skipping scsi_scan_host()\" as informational\n (bsc#1203935).\n - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n - scsi: qla2xxx: Revert \"scsi: qla2xxx: Fix response queue handler reading\n stale packets\" (bsc#1203935).\n - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n - scsi: sg: Allow waiting for commands to complete on removed device\n (git-fixes).\n - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).\n - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).\n - scsi: smartpqi: Update LUN reset handler (bsc#1200622).\n - selftests: futex: Use variable MAKE instead of make (git-fixes).\n - serial: 8250_dw: Store LSR into lsr_saved_flags in\n dw8250_tx_wait_empty() (git-fixes).\n - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).\n - serial: mvebu-uart: uart2 error bits clearing (git-fixes).\n - serial: tegra: Change lower tolerance baud rate limit for tegra20 and\n tegra30 (git-fixes).\n - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n (git-fixes).\n - soc: fsl: guts: machine variable might be unset (git-fixes).\n - soundwire: bus_type: fix remove and shutdown support (git-fixes).\n - spi: Fix incorrect cs_setup delay handling (git-fixes).\n - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).\n - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).\n - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions\n (git-fixes).\n - squashfs: fix divide error in calculate_skip() (git-fixes).\n - staging: rtl8192u: Fix sleep in atomic context bug in\n dm_fsync_timer_callback (git-fixes).\n - staging: rtl8712: fix use after free bugs (git-fixes).\n - SUNRPC reverting d03727b248d0 (\"NFSv4 fix CLOSE not waiting for direct\n IO compeletion\") (git-fixes).\n - SUNRPC: Clean up scheduling of autoclose (git-fixes).\n - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).\n - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).\n - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).\n - SUNRPC: fix expiry of auth creds (git-fixes).\n - SUNRPC: Fix misplaced barrier in call_decode (git-fixes).\n - SUNRPC: Fix READ_PLUS crasher (git-fixes).\n - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).\n - SUNRPC: Prevent immediate close+reconnect (git-fixes).\n - SUNRPC: Reinitialise the backchannel request buffers before reuse\n (git-fixes).\n - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).\n - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).\n - tee: optee: Fix incorrect page free bug (git-fixes).\n - thermal: Fix NULL pointer dereferences in of_thermal_ functions\n (git-fixes).\n - thermal: sysfs: Fix cooling_device_stats_setup() error code path\n (git-fixes).\n - thermal/tools/tmon: Include pthread and time headers in tmon.h\n (git-fixes).\n - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).\n - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes\n (kernel/time)).\n - tools/thermal: Fix possible path truncations (git-fixes).\n - tracing: Add ustring operation to filtering string pointers (git-fixes).\n - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).\n - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).\n - tracing/histograms: Fix memory leak problem (git-fixes).\n - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).\n - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).\n - tty: serial: lpuart: disable flow control while waiting for the transmit\n engine to complete (git-fixes).\n - tty: vt: initialize unicode screen buffer (git-fixes).\n - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n - USB: core: Fix RST error in hub.c (git-fixes).\n - USB: core: Prevent nested device-reset calls (git-fixes).\n - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).\n - USB: dwc3: add cancelled reasons for dwc3 requests (git-fixes).\n - USB: dwc3: disable USB core PHY management (git-fixes).\n - USB: dwc3: ep0: Fix delay status handling (git-fixes).\n - USB: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).\n - USB: dwc3: gadget: Fix IN endpoint max packet size allocation\n (git-fixes).\n - USB: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).\n - USB: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).\n - USB: dwc3: gadget: Remove unnecessary checks (git-fixes).\n - USB: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback\n (git-fixes).\n - USB: dwc3: gadget: Store resource index of start cmd (git-fixes).\n - USB: dwc3: qcom: fix missing optional irq warnings.\n - USB: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).\n - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).\n - USB: Follow-up to SPDX identifiers addition - remove now useless\n comments (git-fixes).\n - USB: gadget: mass_storage: Fix cdrom data transfers on MAC-OS\n (git-fixes).\n - USB: gadget: u_audio: fix race condition on endpoint stop (git-fixes).\n - USB: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).\n - USB: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).\n - USB: gadget: uvc: call uvc uvcg_warn on completed status instead of\n uvcg_info (git-fixes).\n - USB: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).\n - USB: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).\n - USB: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).\n - USB: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).\n - USB: otg-fsm: Fix hrtimer list corruption (git-fixes).\n - USB: renesas: Fix refcount leak bug (git-fixes).\n - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).\n - USB: serial: ch341: fix lost character on LCR updates (git-fixes).\n - USB: serial: ch341: name prescaler, divisor registers (git-fixes).\n - USB: serial: cp210x: add Decagon UCA device id (git-fixes).\n - USB: serial: fix tty-port initialized comments (git-fixes).\n - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).\n - USB: serial: option: add Quectel EM060K modem (git-fixes).\n - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode\n (git-fixes).\n - USB: serial: option: add support for OPPO R11 diag port (git-fixes).\n - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).\n - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n - USB: struct usb_device: hide new member (git-fixes).\n - USB: typec: altmodes/displayport: correct pin assignment for UFP\n receptacles (git-fixes).\n - USB: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion\n (git-fixes).\n - USB: xhci: tegra: Fix error check (git-fixes).\n - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).\n - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).\n - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).\n - vboxguest: Do not use devm for irq (git-fixes).\n - vfio/ccw: Remove UUID from s390 debug log (git-fixes).\n - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).\n - video: fbdev: arkfb: Check the size of screen before memset_io()\n (git-fixes).\n - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()\n (git-fixes).\n - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).\n - video: fbdev: s3fb: Check the size of screen before memset_io()\n (git-fixes).\n - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).\n - video: fbdev: vt8623fb: Check the size of screen before memset_io()\n (git-fixes).\n - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).\n - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n - virtio-net: fix the race between refill work and close (git-fixes).\n - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).\n - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,\n jsc#SLE-24635).\n - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).\n - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291,\n jsc#SLE-24635).\n - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,\n jsc#SLE-24635).\n - VMCI: dma dg: allocate send and receive buffers for DMA datagrams\n (bsc#1199291, jsc#SLE-24635).\n - VMCI: dma dg: detect DMA datagram capability (bsc#1199291,\n jsc#SLE-24635).\n - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams\n (bsc#1199291, jsc#SLE-24635).\n - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).\n - VMCI: dma dg: whitespace formatting change for vmci register defines\n (bsc#1199291, jsc#SLE-24635).\n - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC\n (bsc#1199291, jsc#SLE-24635).\n - VMCI: Fix some error handling paths in vmci_guest_probe_device()\n (bsc#1199291, jsc#SLE-24635).\n - VMCI: Release notification_bitmap in error path (bsc#1199291,\n jsc#SLE-24635).\n - vmxnet3: add command to set ring buffer sizes (bsc#1200431).\n - vmxnet3: add support for capability registers (bsc#1200431).\n - vmxnet3: add support for large passthrough BAR register (bsc#1200431).\n - vmxnet3: add support for out of order rx completion (bsc#1200431).\n - vmxnet3: disable overlay offloads if UPT device does not support\n (bsc#1200431).\n - vmxnet3: do not reschedule napi for rx processing (bsc#1200431).\n - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).\n - vmxnet3: Implement ethtool's get_channels command (bsc#1200431).\n - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).\n - vmxnet3: prepare for version 7 changes (bsc#1200431).\n - vmxnet3: Record queue number to incoming packets (bsc#1200431).\n - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).\n - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).\n - vmxnet3: update to version 7 (bsc#1200431).\n - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).\n - vsock: Fix memory leak in vsock_connect() (git-fixes).\n - vsock: Set socket state back to SS_UNCONNECTED in\n vsock_connect_timeout() (git-fixes).\n - vt: Clear selection before changing the font (git-fixes).\n - vt: selection, introduce vc_is_sel (git-fixes).\n - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in\n armada_37xx_wdt_probe() (git-fixes).\n - watchdog: wdat_wdt: Set the min and max timeout values properly\n (bsc#1194023).\n - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()\n (git-fixes).\n - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: iwlegacy: 4965: fix potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n (git-fixes).\n - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).\n - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).\n - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).\n - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).\n - wifi: mac80211: Do not finalize CSA in IBSS mode if state is\n disconnected (git-fixes).\n - wifi: p54: add missing parentheses in p54_flush() (git-fixes).\n - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).\n - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()\n (git-fixes).\n - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n (git-fixes).\n - wifi: wil6210: debugfs: fix uninitialized variable use in\n `wil_write_file_wmi()` (git-fixes).\n - x86/bugs: Reenable retbleed=off While for older kernels the return\n thunks are statically built in and cannot be dynamically patched out,\n retbleed=off should still work so that it can be disabled.\n - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).\n - x86/olpc: fix 'logical not is only applied to the left hand side'\n (git-fixes).\n - x86/xen: Remove undefined behavior in setup_features() (git-fixes).\n - xen/xenbus: fix return type in xenbus_file_read() (git-fixes).\n - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).\n - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).\n - xfs: Fix assert failure in xfs_setattr_size() (git-fixes).\n - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).\n - xfs: mark a data structure sick if there are cross-referencing errors\n (git-fixes).\n - xfs: only reset incore inode health state flags when reclaiming an inode\n (git-fixes).\n - xfs: prevent a UAF when log IO errors race with unmount (git-fixes).\n - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).\n - xprtrdma: Fix cwnd update ordering (git-fixes).\n - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-3609=1\n\n - SUSE Linux Enterprise Module for Public Cloud 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3609=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3695", "CVE-2020-16119", "CVE-2020-27784", "CVE-2020-36516", "CVE-2021-4155", "CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2663", "CVE-2022-2905", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-36879", "CVE-2022-39188", "CVE-2022-39190", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41848", "CVE-2022-41849"], "modified": "2022-10-18T00:00:00", "id": "SUSE-SU-2022:3609-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XOMMJ6TOFV2YSSGL2X5AXFLROESPWDQG/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2023-02-09T03:01:14", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3775-1 advisory.\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3775-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16119", "CVE-2022-20008", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-3169", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-40768", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_98-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3775-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166585", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3775-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166585);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2020-16119\",\n \"CVE-2022-2503\",\n \"CVE-2022-2586\",\n \"CVE-2022-3169\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20008\",\n \"CVE-2022-40768\",\n \"CVE-2022-41218\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-41848\",\n \"CVE-2022-41849\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3775-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3775-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:3775-1 advisory.\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP\n socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux\n kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request\n of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\n in a PCIe link disconnect. (CVE-2022-3169)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012711.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46e89a7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42722\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16119\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.98-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_98-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T03:01:15", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3693-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-24T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3693-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20008", "CVE-2022-2503", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_126-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3693-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166432", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3693-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166432);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20008\",\n \"CVE-2022-32296\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3693-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3693-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3693-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012617.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90af35b0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32296\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150100.197.126-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_126-default-1-150100.3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-09T03:01:44", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3844-1 advisory.\n\n - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled.\n This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-1263)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.\n (CVE-2022-3202)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3844-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1263", "CVE-2022-2586", "CVE-2022-3202", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39189", "CVE-2022-41218", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_28-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3844-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166793", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3844-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166793);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-1263\",\n \"CVE-2022-2586\",\n \"CVE-2022-3202\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-32296\",\n \"CVE-2022-39189\",\n \"CVE-2022-41218\",\n \"CVE-2022-41674\",\n \"CVE-2022-41848\",\n \"CVE-2022-41849\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3844-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3844-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:3844-1 advisory.\n\n - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled.\n This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a\n kernel oops condition that results in a denial of service. (CVE-2022-1263)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux\n kernel. This could allow a local attacker to crash the system or leak kernel internal information.\n (CVE-2022-3202)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204125\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012797.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcfbed94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42722\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32296\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_28-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-ha-release-15.4', 'sles-release-15.4']},\n {'reference':'dlm-kmp-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-ha-release-15.4', 'sles-release-15.4']},\n {'reference':'gfs2-kmp-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-ha-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.28.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'ocfs2-kmp-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-ha-release-15.4', 'sles-release-15.4']},\n {'reference':'reiserfs-kmp-default-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'cluster-md-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-allwinner-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-altera-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amazon-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amd-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amlogic-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-apm-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-apple-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-arm-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-broadcom-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-cavium-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-exynos-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-freescale-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-hisilicon-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-lg-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-marvell-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-mediatek-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-nvidia-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-qcom-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-renesas-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-rockchip-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-socionext-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-sprd-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-xilinx-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-extra-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-livepatch-devel-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-optional-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-devel-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-livepatch-devel-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-base-rebuild-5.14.21-150400.24.28.1.150400.24.9.5', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-livepatch-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-optional-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-obs-qa-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-vanilla-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.28.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-64kb-5.14.21-150400.24.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-default-5.14.21-150400.24.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-livepatch-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},\n {'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},\n {'reference':'kernel-livepatch-5_14_21-150400_24_28-default-1-150400.9.3.5', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-04T16:06:17", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3688-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3688-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2503", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_104-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3688-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166419", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3688-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166419);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3688-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3688-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3688-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012601.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf77140b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_104-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150000.150.104-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_104-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T22:55:47", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3657-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP3) (SUSE-SU-2022:3657-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_54-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3657-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166307", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3657-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166307);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3657-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP3) (SUSE-SU-2022:3657-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3657-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012577.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f1e2227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_54-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_54-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.54-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_54-default-13-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_54-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-05T09:12:14", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3606-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP3) (SUSE-SU-2022:3606-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_93-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3606-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166256", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3606-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166256);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3606-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP3) (SUSE-SU-2022:3606-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3606-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012552.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c77ce1d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_93-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.93-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_93-default-3-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_93-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-08T06:39:27", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3648-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:3648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_27-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_37-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_40-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_60-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_71-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_87-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_90-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3648-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166247", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3648-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166247);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3648-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:3648-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3648-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012567.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7184e246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_71-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_87-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_90-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_27-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_37-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_40-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150200.24.112-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_112-default-9-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-150200.24.115-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_115-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-150200.24.126-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_126-default-4-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-150300.59.43-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_43-default-15-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.46-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_46-default-15-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.49-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_49-default-14-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.60-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_60-default-12-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.63-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_63-default-9-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.68-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_68-default-8-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.71-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_71-default-7-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.76-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_76-default-6-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.87-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_87-default-5-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.90-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_90-default-4-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-24.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_102-default-14-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.107-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_107-default-13-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.86-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_86-default-18-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.93-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_93-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.96-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_96-default-16-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.99-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_99-default-15-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-59.27-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_27-default-18-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.34-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_34-default-17-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.37-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_37-default-16-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.40-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_40-default-16-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150200_24_112-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-05T03:17:40", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3587-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3587-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20008", "CVE-2022-2503", "CVE-2022-2663", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39188", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3587-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166193", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3587-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166193);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-2663\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20008\",\n \"CVE-2022-39188\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3587-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3587-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3587-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012539.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0e9ef07\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-extra-4.12.14-122.136.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.136.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-04T04:52:20", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3584-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3584-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20008", "CVE-2022-2503", "CVE-2022-2663", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39188", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3584-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166188", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3584-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166188);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-2663\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20008\",\n \"CVE-2022-39188\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3584-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3584-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3584-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012540.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e818b059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.112.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.112.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-04T04:52:26", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3599-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2503", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218"], "modified": "2022-11-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3599-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166190", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3599-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166190);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/29\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-41218\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3599-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3599-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3599-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012549.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0740377a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.177.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.177.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.177.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.177.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.177.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.177.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.177.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T04:50:08", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3779-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3779-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2503", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-41218"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3779-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166587", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3779-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166587);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-41218\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3779-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3779-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3779-1 advisory.\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012713.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0ed19fa\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.191.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.191.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.191.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.191.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.191.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.191.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.191.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T22:57:51", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3607-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 30 for SLE 15 SP2) (SUSE-SU-2022:3607-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39698", "CVE-2022-39189", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_129-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3607-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166253", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3607-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166253);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-39698\",\n \"CVE-2022-39189\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3607-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 30 for SLE 15 SP2) (SUSE-SU-2022:3607-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3607-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012556.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee142773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150200_24_129-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39698\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_129-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150200.24.129-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_129-default-2-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150200_24_129-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:35:07", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3605-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3605-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2022-12-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_18-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3605-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166187", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3605-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166187);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3605-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3605-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3605-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012551.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5731a1aa\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_24_18-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_18-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_24_18-default-4-150400.2.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_24_18-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:34:23", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3601-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 3 for SLE 15 SP4) (SUSE-SU-2022:3601-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2022-12-01T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_21-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3601-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166191", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3601-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166191);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3601-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 3 for SLE 15 SP4) (SUSE-SU-2022:3601-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3601-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012547.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a90d6a2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_24_21-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_21-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_24_21-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:35:02", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3628-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3628-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-39189", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2022-12-01T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166254", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3628-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166254);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\n \"CVE-2022-39189\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3628-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3628-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3628-1 advisory.\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204292\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012566.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca3a20e0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_22-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_22-default-7-150400.4.18.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_22-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-18T18:45:44", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5708-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : backport-iwlwifi-dkms vulnerabilities (USN-5708-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:backport-iwlwifi-dkms"], "id": "UBUNTU_USN-5708-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166799", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5708-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166799);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"USN\", value:\"5708-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : backport-iwlwifi-dkms vulnerabilities (USN-5708-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by multiple\nvulnerabilities as referenced in the USN-5708-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5708-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected backport-iwlwifi-dkms package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:backport-iwlwifi-dkms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'backport-iwlwifi-dkms', 'pkgver': '8324-0ubuntu3~20.04.5'},\n {'osver': '22.04', 'pkgname': 'backport-iwlwifi-dkms', 'pkgver': '9858-0ubuntu3.1'},\n {'osver': '22.10', 'pkgname': 'backport-iwlwifi-dkms', 'pkgver': '9904-0ubuntu3.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'backport-iwlwifi-dkms');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-09T06:39:15", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3585-1 advisory.\n\n - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled.\n This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-1263)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.\n (CVE-2022-3202)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1263", "CVE-2022-2586", "CVE-2022-3202", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39189", "CVE-2022-41218", "CVE-2022-41848", "CVE-2022-41849"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-azure:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166146", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3585-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166146);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-1263\",\n \"CVE-2022-2586\",\n \"CVE-2022-3202\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-39189\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\",\n \"CVE-2022-41849\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3585-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3585-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3585-1 advisory.\n\n - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled.\n This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a\n kernel oops condition that results in a denial of service. (CVE-2022-1263)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux\n kernel. This could allow a local attacker to crash the system or leak kernel internal information.\n (CVE-2022-3202)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203992\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012536.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22c0a977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-39189\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-azure-5.14.21-150400.14.16.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-azure-5.14.21-150400.14.16.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.16.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'cluster-md-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-extra-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-extra-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-livepatch-devel-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-livepatch-devel-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-optional-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-optional-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-devel-azure-5.14.21-150400.14.16.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-azure-5.14.21-150400.14.16.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-azure-5.14.21-150400.14.16.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T03:03:08", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3810-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3810-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20008", "CVE-2022-2503", "CVE-2022-3169", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-3424", "CVE-2022-40307", "CVE-2022-40768", "CVE-2022-41218", "CVE-2022-41848"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3810-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166765", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3810-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166765);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\n \"CVE-2022-2503\",\n \"CVE-2022-3169\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-3424\",\n \"CVE-2022-20008\",\n \"CVE-2022-40307\",\n \"CVE-2022-40768\",\n \"CVE-2022-41218\",\n \"CVE-2022-41848\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3810-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3810-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3810-1 advisory.\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request\n of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\n in a PCIe link disconnect. (CVE-2022-3169)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1032323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204166\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012772.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db7b9ef8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-05T09:13:22", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5692-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5692-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2602", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1054-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1007-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1019-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle"], "id": "UBUNTU_USN-5692-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166276", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5692-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166276);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"USN\", value:\"5692-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5692-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5692-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5692-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1054-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1007-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1019-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-52-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.14.0-\\d{4}-oem|5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)|5.15.0-\\d{4}-(aws|azure|gcp|gke|gkeop|ibm|kvm|oracle))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.14.0-\\d{4}-oem\" : \"5.14.0-1054\",\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-52\",\n \"5.15.0-\\d{4}-aws\" : \"5.15.0-1022\",\n \"5.15.0-\\d{4}-azure\" : \"5.15.0-1022\",\n \"5.15.0-\\d{4}-gcp\" : \"5.15.0-1021\",\n \"5.15.0-\\d{4}-gke\" : \"5.15.0-1019\",\n \"5.15.0-\\d{4}-gkeop\" : \"5.15.0-1007\",\n \"5.15.0-\\d{4}-ibm\" : \"5.15.0-1017\",\n \"5.15.0-\\d{4}-kvm\" : \"5.15.0-1020\",\n \"5.15.0-\\d{4}-oracle\" : \"5.15.0-1021\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5692-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2602', 'CVE-2022-41674', 'CVE-2022-42719', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5692-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-05T10:50:09", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5691-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5691-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2602", "CVE-2022-41674", "CVE-2022-42720", "CVE-2022-42721"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1078-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1088-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi"], "id": "UBUNTU_USN-5691-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166286", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5691-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166286);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-41674\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\"\n );\n script_xref(name:\"USN\", value:\"5691-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5691-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5691-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5691-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41674\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1078-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1088-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-131-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.4.0-\\d{4}-(aws|azure|bluefield|gcp|gkeop|ibm|kvm|oracle|raspi))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-131\",\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1088\",\n \"5.4.0-\\d{4}-azure\" : \"5.4.0-1094\",\n \"5.4.0-\\d{4}-bluefield\" : \"5.4.0-1049\",\n \"5.4.0-\\d{4}-gcp\" : \"5.4.0-1092\",\n \"5.4.0-\\d{4}-gkeop\" : \"5.4.0-1056\",\n \"5.4.0-\\d{4}-ibm\" : \"5.4.0-1036\",\n \"5.4.0-\\d{4}-kvm\" : \"5.4.0-1078\",\n \"5.4.0-\\d{4}-oracle\" : \"5.4.0-1086\",\n \"5.4.0-\\d{4}-raspi\" : \"5.4.0-1073\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5691-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2602', 'CVE-2022-41674', 'CVE-2022-42720', 'CVE-2022-42721');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5691-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T18:45:22", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3809-1 advisory.\n\n - The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. (CVE-2016-3695)\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). (CVE-2020-27784)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679) (CVE-2022-2586)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-01T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3809-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3695", "CVE-2020-16119", "CVE-2020-27784", "CVE-2021-4155", "CVE-2021-4203", "CVE-2022-1679", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-2503", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2663", "CVE-2022-2905", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-3169", "CVE-2022-32296", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-36879", "CVE-2022-39188", "CVE-2022-39190", "CVE-2022-40768", "CVE-2022-41218", "CVE-2022-41222", "CVE-2022-41674", "CVE-2022-41848", "CVE-2022-41849", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166751", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3809-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166751);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2016-3695\",\n \"CVE-2020-16119\",\n \"CVE-2020-27784\",\n \"CVE-2021-4155\",\n \"CVE-2021-4203\",\n \"CVE-2022-2503\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-2663\",\n \"CVE-2022-2905\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-3169\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-26373\",\n \"CVE-2022-32296\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\",\n \"CVE-2022-39190\",\n \"CVE-2022-40768\",\n \"CVE-2022-41218\",\n \"CVE-2022-41222\",\n \"CVE-2022-41674\",\n \"CVE-2022-41848\",\n \"CVE-2022-41849\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3809-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3809-1 advisory.\n\n - The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to\n simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI\n error injection through EINJ when securelevel is set. (CVE-2016-3695)\n\n - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP\n socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux\n kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.\n (CVE-2020-16119)\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl()\n printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had\n been freed by gprinter_free(). (CVE-2020-27784)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size\n increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS\n filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679) (CVE-2022-2586)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the\n bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to\n gain unauthorized access to data. (CVE-2022-2905)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request\n of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\n in a PCIe link disconnect. (CVE-2022-3169)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused\n by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)\n\n - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is\n not held during a PUD move. (CVE-2022-41222)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant\n use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race\n condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1023051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204125\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012771.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7698ef9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-3695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42722\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2023-01-10T19:37:13", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-2cfbe17910 advisory.\n\n - A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Fedora 36 : kernel (2022-2cfbe17910)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3435", "CVE-2022-40768", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2022-12-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2022-2CFBE17910.NASL", "href": "https://www.tenable.com/plugins/nessus/166144", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-2cfbe17910\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\n \"CVE-2022-3435\",\n \"CVE-2022-40768\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"FEDORA\", value:\"2022-2cfbe17910\");\n\n script_name(english:\"Fedora 36 : kernel (2022-2cfbe17910)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-2cfbe17910 advisory.\n\n - A vulnerability classified as problematic has been found in Linux Kernel. This affects the function\n fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to\n out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to\n fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially\n execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.14 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions\n to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could\n be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially\n execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211\n stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P\n devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-2cfbe17910\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-3435', 'CVE-2022-40768', 'CVE-2022-41674', 'CVE-2022-42719', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2022-2cfbe17910');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-5.19.15-201.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-05T14:45:33", "description": "The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5700-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-2602)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 22.10 : Linux kernel vulnerabilities (USN-5700-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-2602", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1006-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1006-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1009-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1009-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1011-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5700-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166559", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5700-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166559);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"USN\", value:\"5700-1\");\n\n script_name(english:\"Ubuntu 22.10 : Linux kernel vulnerabilities (USN-5700-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nUSN-5700-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-2602)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5700-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1006-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1006-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1009-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1009-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1010-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1011-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)|5.19.0-\\d{4}-(aws|azure|gcp|ibm|kvm|lowlatency|lowlatency-64k|oracle|raspi|raspi-nolpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.19.0-23\",\n \"5.19.0-\\d{4}-(azure|gcp|ibm|kvm|oracle)\" : \"5.19.0-1010\",\n \"5.19.0-\\d{4}-(lowlatency|lowlatency-64k)\" : \"5.19.0-1009\",\n \"5.19.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.19.0-1006\",\n \"5.19.0-\\d{4}-aws\" : \"5.19.0-1011\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5700-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2602', 'CVE-2022-41674', 'CVE-2022-42719', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5700-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-06T06:55:39", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5752-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-2602)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5752-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-2602", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1024-azurefde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde"], "id": "UBUNTU_USN-5752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168317", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5752-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168317);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"USN\", value:\"5752-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5752-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5752-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-2602)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5752-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1024-azurefde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-azure-fde)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-azure-fde\" : \"5.15.0-1024\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5752-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2602', 'CVE-2022-41674', 'CVE-2022-42719', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5752-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:44:33", "description": "The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b948fc3cfb advisory.\n\n - A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 35 : kernel (2022-b948fc3cfb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3435", "CVE-2022-40768", "CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720", "CVE-2022-42721", "CVE-2022-42722"], "modified": "2022-12-23T00:00:00", "cpe": ["p-cpe:2.3:a:fedoraproject:fedora:kernel:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"], "id": "FEDORA_2022-B948FC3CFB.NASL", "href": "https://www.tenable.com/plugins/nessus/169234", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-b948fc3cfb\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169234);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/23\");\n\n script_cve_id(\n \"CVE-2022-3435\",\n \"CVE-2022-40768\",\n \"CVE-2022-41674\",\n \"CVE-2022-42719\",\n \"CVE-2022-42720\",\n \"CVE-2022-42721\",\n \"CVE-2022-42722\"\n );\n script_xref(name:\"FEDORA\", value:\"2022-b948fc3cfb\");\n\n script_name(english:\"Fedora 35 : kernel (2022-b948fc3cfb)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-b948fc3cfb advisory.\n\n - A vulnerability classified as problematic has been found in Linux Kernel. This affects the function\n fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to\n out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to\n fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through\n 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and\n potentially execute code. (CVE-2022-42719)\n\n - Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through\n 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-\n free conditions to potentially execute code. (CVE-2022-42720)\n\n - A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before\n 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in\n turn, potentially execute code. (CVE-2022-42721)\n\n - In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the\n mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon\n protection of P2P devices. (CVE-2022-42722)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b948fc3cfb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-3435', 'CVE-2022-40768', 'CVE-2022-41674', 'CVE-2022-42719', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2022-b948fc3cfb');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-5.19.15-101.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel')

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3704-1)

Description

Related