openSUSE 15 Security Update : kernel (SUSE-SU-2022:4613-1)

2023-01-20T00:00:00

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4613-1 advisory. - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602) - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693) - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567) - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628) - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635) - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707) - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903) - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129) - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139) - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850) - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858) - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895) - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896) - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378) - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945) - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "SUSE_SU-2022-4613-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : kernel (SUSE-SU-2022:4613-1)", "description": "The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4613-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-01-20T00:00:00", "modified": "2023-03-10T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/170228", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1204241", "https://bugzilla.suse.com/1204967", "https://bugzilla.suse.com/1205796", "https://bugzilla.suse.com/1206207", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896", "https://bugzilla.suse.com/1204791", "https://bugzilla.suse.com/1205329", "https://bugzilla.suse.com/1205128", "https://bugzilla.suse.com/1204780", "https://bugzilla.suse.com/1205700", "https://www.suse.com/security/cve/CVE-2022-42896", "https://bugzilla.suse.com/1204017", "https://bugzilla.suse.com/1184350", "https://www.suse.com/security/cve/CVE-2022-3567", "https://bugzilla.suse.com/1205753", "https://www.suse.com/security/cve/CVE-2022-41850", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4095", "https://www.suse.com/security/cve/CVE-2022-28693", "https://www.suse.com/security/cve/CVE-2022-2602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945", "https://bugzilla.suse.com/1204963", "https://bugzilla.suse.com/1205705", "https://bugzilla.suse.com/1204850", "https://www.suse.com/security/cve/CVE-2022-45934", "https://bugzilla.suse.com/1205985", "https://bugzilla.suse.com/1205330", "https://bugzilla.suse.com/1189297", "https://www.suse.com/security/cve/CVE-2022-3903", "https://bugzilla.suse.com/1204810", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41858", "https://bugzilla.suse.com/1065729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895", "https://bugzilla.suse.com/1205428", "https://bugzilla.suse.com/1200845", "https://bugzilla.suse.com/1205473", "https://www.suse.com/security/cve/CVE-2022-4139", "https://www.suse.com/security/cve/CVE-2022-43945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3567", "https://bugzilla.suse.com/1204827", "https://bugzilla.suse.com/1204957", "https://www.suse.com/security/cve/CVE-2022-4129", "https://www.suse.com/security/cve/CVE-2022-42895", "https://bugzilla.suse.com/1206037", "http://www.nessus.org/u?55005ec1", "https://bugzilla.suse.com/1204693", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4139", "https://bugzilla.suse.com/1205130", "https://bugzilla.suse.com/1204934", "https://www.suse.com/security/cve/CVE-2022-4378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3635", "https://bugzilla.suse.com/1203144", "https://www.suse.com/security/cve/CVE-2022-3707", "https://bugzilla.suse.com/1192761", "https://www.suse.com/security/cve/CVE-2022-3635", "https://www.suse.com/security/cve/CVE-2022-3628", "https://bugzilla.suse.com/1205514", "https://bugzilla.suse.com/1205220", "https://bugzilla.suse.com/1205989", "https://bugzilla.suse.com/1204215", "https://bugzilla.suse.com/1205987", "https://bugzilla.suse.com/1204328", "https://bugzilla.suse.com/1206032", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4129", "https://bugzilla.suse.com/1204446", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28693", "https://bugzilla.suse.com/1204868", "https://bugzilla.suse.com/1205671", "https://bugzilla.suse.com/1201455", "https://bugzilla.suse.com/1203746", "https://bugzilla.suse.com/1205986", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3707", "https://bugzilla.suse.com/1156395", "https://bugzilla.suse.com/1205984", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850", "https://www.suse.com/security/cve/CVE-2022-41858", "https://bugzilla.suse.com/1205186", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602", "https://bugzilla.suse.com/1205617", "https://bugzilla.suse.com/1204631", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934", "https://bugzilla.suse.com/1204636", "https://www.suse.com/security/cve/CVE-2022-4095", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3903", "https://bugzilla.suse.com/1204142", "https://bugzilla.suse.com/1205709", "https://bugzilla.suse.com/1071995", "https://bugzilla.suse.com/1205988"], "cvelist": ["CVE-2022-0171", "CVE-2022-23816", "CVE-2022-2602", "CVE-2022-28693", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "immutableFields": [], "lastseen": "2023-05-17T16:41:48", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7110", "ALSA-2022:7134", "ALSA-2022:7933", "ALSA-2022:8267", "ALSA-2023:0101", "ALSA-2023:0114", "ALSA-2023:0300", "ALSA-2023:0334", "ALSA-2023:0832", "ALSA-2023:0854", "ALSA-2023:0951", "ALSA-2023:0979", "ALSA-2023:1566", "ALSA-2023:1584", "ALSA-2023:2148", "ALSA-2023:2458"]}, {"type": "amazon", "idList": ["ALAS-2022-1645", "ALAS-2022-1876", "ALAS-2022-1888", "ALAS-2023-1932", "ALAS2-2022-1838", "ALAS2-2022-1903", "ALAS2-2023-1932"]}, {"type": "amd", "idList": ["AMD-SB-1037"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2023:1091"]}, {"type": "cloudlinux", "idList": ["CLSA-2023:1682705952", "CLSA-2023:1682711481"]}, {"type": "cnvd", "idList": ["CNVD-2022-68086", "CNVD-2022-72084", "CNVD-2022-85504"]}, {"type": "cve", "idList": ["CVE-2022-0171", "CVE-2022-23816", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3173-1:82909", "DEBIAN:DLA-3244-1:12088", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5257-1:DB743", "DEBIAN:DSA-5324-1:8EBE4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-0171", "DEBIANCVE:CVE-2022-23816", "DEBIANCVE:CVE-2022-2602", "DEBIANCVE:CVE-2022-3567", "DEBIANCVE:CVE-2022-3628", "DEBIANCVE:CVE-2022-3635", "DEBIANCVE:CVE-2022-3707", "DEBIANCVE:CVE-2022-3903", "DEBIANCVE:CVE-2022-4095", "DEBIANCVE:CVE-2022-4129", "DEBIANCVE:CVE-2022-4139", "DEBIANCVE:CVE-2022-41850", "DEBIANCVE:CVE-2022-41858", "DEBIANCVE:CVE-2022-42895", "DEBIANCVE:CVE-2022-42896", "DEBIANCVE:CVE-2022-4378", "DEBIANCVE:CVE-2022-43945", "DEBIANCVE:CVE-2022-45934"]}, {"type": "f5", "idList": ["F5:K69334442"]}, {"type": "fedora", "idList": ["FEDORA:3622F307260C", "FEDORA:3E0893021FB2", "FEDORA:7530C304C4C2", "FEDORA:79262304C76D", "FEDORA:A36BD30582D8", "FEDORA:A66243068B4B", "FEDORA:B39F230582E2", "FEDORA:E6CE83084966"]}, {"type": "githubexploit", "idList": ["191EA2A2-A596-5DE6-9E3C-16764FD31DB4", "48A6CF92-30C0-5ABD-894A-38DE0329DA11", "4FBF7A3B-F996-53AD-8ED5-4C2ED0283698", "75991DB8-5059-57ED-BB85-3A5F3309F92C", "88B2258B-A28E-5C00-85F0-542DB0BD2275", "9080771D-5FCF-52BA-A72B-EC1BD7CF79B7", "947C195E-C204-5E09-82FA-6C302D81AD05", "BDD6E431-5CC7-5183-A9D8-4870D7DF5670", "BEF9C9DA-D16B-58C7-AD6A-7A645E871F56", "CE3B1D33-B4CA-596B-88B1-7DAA7FF99D30", "CEF1CF82-EB41-5011-81A4-38FBB4B05FCF", "D789A432-2137-57A8-BD99-560ABE0F7D40", "ED4486DF-C3F3-577E-A1AF-2DF89300C736"]}, {"type": "ibm", "idList": ["1D0C47C863486617E3DB329A62F4FFC3F23EAEA7A011A9C39ADDEBA1D66287D0", "5B63337BED8D1831437D9E9CDA230341D96CD4E72BF44B64671DD96E2E83D164", "7723E7232CDF38CAF6FB9BEBC720727705544B73B826D4C481C2D54FB681768E", "A6D9D4111807AA4EB0126419E70851CE3116CAE1D7000C36A1B26DAEBCF4424F", "B5A64C62AD14AC5F708718469CD252B6E7CC148ED6744F6CA78BE827CE0DE99F", "C8058EE2D98E4E3A2B41A83E031B9A6C3266947F454144446221EF58E526C98F"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00707"]}, {"type": "mageia", "idList": ["MGASA-2022-0379", "MGASA-2022-0380", "MGASA-2022-0442", "MGASA-2022-0443", "MGASA-2022-0477", "MGASA-2022-0478", "MGASA-2023-0007", "MGASA-2023-0008", "MGASA-2023-0087", "MGASA-2023-0088"]}, {"type": "mscve", "idList": ["MS:CVE-2022-23816", "MS:CVE-2022-29900"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-127.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1876.NASL", "AL2_ALAS-2022-1888.NASL", "AL2_ALAS-2022-1903.NASL", "AL2_ALAS-2023-1932.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-021.NASL", "AL2_ALASKERNEL-5_10-2022-023.NASL", "AL2_ALASKERNEL-5_10-2022-024.NASL", "AL2_ALASKERNEL-5_10-2023-025.NASL", "AL2_ALASKERNEL-5_10-2023-027.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_15-2022-009.NASL", "AL2_ALASKERNEL-5_15-2022-010.NASL", "AL2_ALASKERNEL-5_15-2023-012.NASL", "AL2_ALASKERNEL-5_15-2023-014.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "AL2_ALASKERNEL-5_4-2022-039.NASL", "AL2_ALASKERNEL-5_4-2023-042.NASL", "ALA_ALAS-2022-1645.NASL", "ALMA_LINUX_ALSA-2022-7110.NASL", "ALMA_LINUX_ALSA-2022-7134.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "ALMA_LINUX_ALSA-2023-0101.NASL", "ALMA_LINUX_ALSA-2023-0114.NASL", "ALMA_LINUX_ALSA-2023-0123.NASL", "ALMA_LINUX_ALSA-2023-0300.NASL", "ALMA_LINUX_ALSA-2023-0334.NASL", "ALMA_LINUX_ALSA-2023-0348.NASL", "ALMA_LINUX_ALSA-2023-0832.NASL", "ALMA_LINUX_ALSA-2023-0839.NASL", "ALMA_LINUX_ALSA-2023-0854.NASL", "ALMA_LINUX_ALSA-2023-0951.NASL", "ALMA_LINUX_ALSA-2023-0979.NASL", "ALMA_LINUX_ALSA-2023-1008.NASL", "ALMA_LINUX_ALSA-2023-1566.NASL", "ALMA_LINUX_ALSA-2023-1659.NASL", "ALMA_LINUX_ALSA-2023-2148.NASL", "ALMA_LINUX_ALSA-2023-2458.NASL", "CENTOS_RHSA-2023-1091.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DLA-3244.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DLA-3349.NASL", "DEBIAN_DLA-3403.NASL", "DEBIAN_DLA-3404.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5257.NASL", "DEBIAN_DSA-5324.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2022-2823.NASL", "EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2023-1012.NASL", "EULEROS_SA-2023-1037.NASL", "EULEROS_SA-2023-1102.NASL", "EULEROS_SA-2023-1126.NASL", "EULEROS_SA-2023-1147.NASL", "EULEROS_SA-2023-1168.NASL", "EULEROS_SA-2023-1320.NASL", "EULEROS_SA-2023-1360.NASL", "EULEROS_SA-2023-1388.NASL", "EULEROS_SA-2023-1409.NASL", "EULEROS_SA-2023-1424.NASL", "EULEROS_SA-2023-1469.NASL", "EULEROS_SA-2023-1507.NASL", "EULEROS_SA-2023-1526.NASL", "EULEROS_SA-2023-1551.NASL", "EULEROS_SA-2023-1574.NASL", "EULEROS_SA-2023-1584.NASL", "EULEROS_SA-2023-1637.NASL", "EULEROS_SA-2023-1671.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-1759.NASL", "EULEROS_SA-2023-1781.NASL", "EULEROS_SA-2023-1824.NASL", "EULEROS_SA-2023-1873.NASL", "EULEROS_SA-2023-1902.NASL", "EULEROS_SA-2023-1933.NASL", "FEDORA_2022-24041B1667.NASL", "FEDORA_2022-B36CD53DCA.NASL", "FEDORA_2022-C69EF9C1DD.NASL", "MARINER_HYPERV-DAEMONS_CVE-2022-3707.NASL", "MARINER_KERNEL_CVE-2022-0171.NASL", "MARINER_KERNEL_CVE-2022-41858.NASL", "MARINER_KERNEL_CVE-2022-43945.NASL", "MARINER_KERNEL_CVE-2022-45934.NASL", "NEWSTART_CGSL_NS-SA-2023-0005_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0017_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0030_KERNEL.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AOS-6_5_3.NASL", "NUTANIX_NXSA-AOS-6_6_2.NASL", "ORACLELINUX_ELSA-2022-10071.NASL", "ORACLELINUX_ELSA-2022-10072.NASL", "ORACLELINUX_ELSA-2022-10073.NASL", "ORACLELINUX_ELSA-2022-10078.NASL", "ORACLELINUX_ELSA-2022-10079.NASL", "ORACLELINUX_ELSA-2022-10080.NASL", "ORACLELINUX_ELSA-2022-10081.NASL", "ORACLELINUX_ELSA-2022-7110.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLELINUX_ELSA-2023-0101.NASL", "ORACLELINUX_ELSA-2023-0334.NASL", "ORACLELINUX_ELSA-2023-0832.NASL", "ORACLELINUX_ELSA-2023-0951.NASL", "ORACLELINUX_ELSA-2023-1091.NASL", "ORACLELINUX_ELSA-2023-12006.NASL", "ORACLELINUX_ELSA-2023-12007.NASL", "ORACLELINUX_ELSA-2023-12008.NASL", "ORACLELINUX_ELSA-2023-12009.NASL", "ORACLELINUX_ELSA-2023-12017.NASL", "ORACLELINUX_ELSA-2023-12018.NASL", "ORACLELINUX_ELSA-2023-12109.NASL", "ORACLELINUX_ELSA-2023-12116.NASL", "ORACLELINUX_ELSA-2023-12117.NASL", "ORACLELINUX_ELSA-2023-12118.NASL", "ORACLELINUX_ELSA-2023-12119.NASL", "ORACLELINUX_ELSA-2023-12120.NASL", "ORACLELINUX_ELSA-2023-12121.NASL", "ORACLELINUX_ELSA-2023-12160.NASL", "ORACLELINUX_ELSA-2023-12196.NASL", "ORACLELINUX_ELSA-2023-12199.NASL", "ORACLELINUX_ELSA-2023-12200.NASL", "ORACLELINUX_ELSA-2023-12206.NASL", "ORACLELINUX_ELSA-2023-12207.NASL", "ORACLELINUX_ELSA-2023-12255.NASL", "ORACLELINUX_ELSA-2023-12256.NASL", "ORACLELINUX_ELSA-2023-12323.NASL", "ORACLELINUX_ELSA-2023-1566.NASL", "ORACLELINUX_ELSA-2023-2458.NASL", "ORACLEVM_OVMSA-2022-0032.NASL", "ORACLEVM_OVMSA-2023-0001.NASL", "ORACLEVM_OVMSA-2023-0004.NASL", "REDHAT-RHSA-2022-7110.NASL", "REDHAT-RHSA-2022-7134.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "REDHAT-RHSA-2022-9082.NASL", "REDHAT-RHSA-2023-0101.NASL", "REDHAT-RHSA-2023-0114.NASL", "REDHAT-RHSA-2023-0123.NASL", "REDHAT-RHSA-2023-0300.NASL", "REDHAT-RHSA-2023-0334.NASL", "REDHAT-RHSA-2023-0348.NASL", "REDHAT-RHSA-2023-0440.NASL", "REDHAT-RHSA-2023-0441.NASL", "REDHAT-RHSA-2023-0496.NASL", "REDHAT-RHSA-2023-0499.NASL", "REDHAT-RHSA-2023-0512.NASL", "REDHAT-RHSA-2023-0526.NASL", "REDHAT-RHSA-2023-0531.NASL", "REDHAT-RHSA-2023-0536.NASL", "REDHAT-RHSA-2023-0832.NASL", "REDHAT-RHSA-2023-0839.NASL", "REDHAT-RHSA-2023-0854.NASL", "REDHAT-RHSA-2023-0856.NASL", "REDHAT-RHSA-2023-0858.NASL", "REDHAT-RHSA-2023-0859.NASL", "REDHAT-RHSA-2023-0944.NASL", "REDHAT-RHSA-2023-0945.NASL", "REDHAT-RHSA-2023-0951.NASL", "REDHAT-RHSA-2023-0979.NASL", "REDHAT-RHSA-2023-1008.NASL", "REDHAT-RHSA-2023-1091.NASL", "REDHAT-RHSA-2023-1092.NASL", "REDHAT-RHSA-2023-1101.NASL", "REDHAT-RHSA-2023-1103.NASL", "REDHAT-RHSA-2023-1109.NASL", "REDHAT-RHSA-2023-1110.NASL", "REDHAT-RHSA-2023-1202.NASL", "REDHAT-RHSA-2023-1203.NASL", "REDHAT-RHSA-2023-1220.NASL", "REDHAT-RHSA-2023-1221.NASL", "REDHAT-RHSA-2023-1251.NASL", "REDHAT-RHSA-2023-1435.NASL", "REDHAT-RHSA-2023-1566.NASL", "REDHAT-RHSA-2023-1584.NASL", "REDHAT-RHSA-2023-1659.NASL", "REDHAT-RHSA-2023-1705.NASL", "REDHAT-RHSA-2023-1706.NASL", "REDHAT-RHSA-2023-1822.NASL", "REDHAT-RHSA-2023-2148.NASL", "REDHAT-RHSA-2023-2458.NASL", "REDHAT-RHSA-2023-2736.NASL", "REDHAT-RHSA-2023-2951.NASL", "ROCKY_LINUX_RLSA-2022-7110.NASL", "ROCKY_LINUX_RLSA-2022-7134.NASL", "ROCKY_LINUX_RLSA-2023-0832.NASL", "ROCKY_LINUX_RLSA-2023-0854.NASL", "ROCKY_LINUX_RLSA-2023-0979.NASL", "ROCKY_LINUX_RLSA-2023-1566.NASL", "ROCKY_LINUX_RLSA-2023-1584.NASL", "SLACKWARE_SSA_2022-333-01.NASL", "SLACKWARE_SSA_2023-048-01.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SL_20230307_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS22_JUL_5015827.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2722-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2803-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3930-1.NASL", "SUSE_SU-2022-3998-1.NASL", "SUSE_SU-2022-4072-1.NASL", "SUSE_SU-2022-4503-1.NASL", "SUSE_SU-2022-4504-1.NASL", "SUSE_SU-2022-4505-1.NASL", "SUSE_SU-2022-4506-1.NASL", "SUSE_SU-2022-4510-1.NASL", "SUSE_SU-2022-4513-1.NASL", "SUSE_SU-2022-4515-1.NASL", "SUSE_SU-2022-4516-1.NASL", "SUSE_SU-2022-4517-1.NASL", "SUSE_SU-2022-4518-1.NASL", "SUSE_SU-2022-4520-1.NASL", "SUSE_SU-2022-4527-1.NASL", "SUSE_SU-2022-4528-1.NASL", "SUSE_SU-2022-4533-1.NASL", "SUSE_SU-2022-4534-1.NASL", "SUSE_SU-2022-4539-1.NASL", "SUSE_SU-2022-4542-1.NASL", "SUSE_SU-2022-4543-1.NASL", "SUSE_SU-2022-4544-1.NASL", "SUSE_SU-2022-4545-1.NASL", "SUSE_SU-2022-4546-1.NASL", "SUSE_SU-2022-4550-1.NASL", "SUSE_SU-2022-4551-1.NASL", "SUSE_SU-2022-4559-1.NASL", "SUSE_SU-2022-4560-1.NASL", "SUSE_SU-2022-4561-1.NASL", "SUSE_SU-2022-4562-1.NASL", "SUSE_SU-2022-4566-1.NASL", "SUSE_SU-2022-4569-1.NASL", "SUSE_SU-2022-4572-1.NASL", "SUSE_SU-2022-4573-1.NASL", "SUSE_SU-2022-4574-1.NASL", "SUSE_SU-2022-4577-1.NASL", "SUSE_SU-2022-4580-1.NASL", "SUSE_SU-2022-4585-1.NASL", "SUSE_SU-2022-4587-1.NASL", "SUSE_SU-2022-4589-1.NASL", "SUSE_SU-2022-4595-1.NASL", "SUSE_SU-2022-4611-1.NASL", "SUSE_SU-2022-4614-1.NASL", "SUSE_SU-2022-4615-1.NASL", "SUSE_SU-2022-4616-1.NASL", "SUSE_SU-2022-4617-1.NASL", "SUSE_SU-2023-0229-1.NASL", "SUSE_SU-2023-0237-1.NASL", "SUSE_SU-2023-0245-1.NASL", "SUSE_SU-2023-0262-1.NASL", "SUSE_SU-2023-0267-1.NASL", "SUSE_SU-2023-0270-1.NASL", "SUSE_SU-2023-0277-1.NASL", "SUSE_SU-2023-0280-1.NASL", "SUSE_SU-2023-0281-1.NASL", "SUSE_SU-2023-0331-1.NASL", "SUSE_SU-2023-0339-1.NASL", "SUSE_SU-2023-0420-1.NASL", "SUSE_SU-2023-0485-1.NASL", "SUSE_SU-2023-0618-1.NASL", "SUSE_SU-2023-0634-1.NASL", "SUSE_SU-2023-0747-1.NASL", "SUSE_SU-2023-0762-1.NASL", "SUSE_SU-2023-0768-1.NASL", "SUSE_SU-2023-0770-1.NASL", "SUSE_SU-2023-0778-1.NASL", "SUSE_SU-2023-0780-1.NASL", "SUSE_SU-2023-0796-1.NASL", "SUSE_SU-2023-0852-1.NASL", "SUSE_SU-2023-1608-1.NASL", "SUSE_SU-2023-1710-1.NASL", "SUSE_SU-2023-2146-1.NASL", "SUSE_SU-2023-2148-1.NASL", "SUSE_SU-2023-2151-1.NASL", "SUSE_SU-2023-2162-1.NASL", "SUSE_SU-2023-2163-1.NASL", "UBUNTU_USN-5691-1.NASL", "UBUNTU_USN-5692-1.NASL", "UBUNTU_USN-5693-1.NASL", "UBUNTU_USN-5700-1.NASL", "UBUNTU_USN-5727-1.NASL", "UBUNTU_USN-5727-2.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL", "UBUNTU_USN-5729-1.NASL", "UBUNTU_USN-5729-2.NASL", "UBUNTU_USN-5752-1.NASL", "UBUNTU_USN-5754-1.NASL", "UBUNTU_USN-5754-2.NASL", "UBUNTU_USN-5755-1.NASL", "UBUNTU_USN-5755-2.NASL", "UBUNTU_USN-5756-1.NASL", "UBUNTU_USN-5756-2.NASL", "UBUNTU_USN-5756-3.NASL", "UBUNTU_USN-5757-1.NASL", "UBUNTU_USN-5757-2.NASL", "UBUNTU_USN-5758-1.NASL", "UBUNTU_USN-5773-1.NASL", "UBUNTU_USN-5774-1.NASL", "UBUNTU_USN-5779-1.NASL", "UBUNTU_USN-5780-1.NASL", "UBUNTU_USN-5783-1.NASL", "UBUNTU_USN-5789-1.NASL", "UBUNTU_USN-5790-1.NASL", "UBUNTU_USN-5791-1.NASL", "UBUNTU_USN-5791-2.NASL", "UBUNTU_USN-5791-3.NASL", "UBUNTU_USN-5792-1.NASL", "UBUNTU_USN-5792-2.NASL", "UBUNTU_USN-5793-1.NASL", "UBUNTU_USN-5793-2.NASL", "UBUNTU_USN-5793-3.NASL", "UBUNTU_USN-5793-4.NASL", "UBUNTU_USN-5794-1.NASL", "UBUNTU_USN-5799-1.NASL", "UBUNTU_USN-5802-1.NASL", "UBUNTU_USN-5803-1.NASL", "UBUNTU_USN-5804-1.NASL", "UBUNTU_USN-5804-2.NASL", "UBUNTU_USN-5808-1.NASL", "UBUNTU_USN-5809-1.NASL", "UBUNTU_USN-5813-1.NASL", "UBUNTU_USN-5814-1.NASL", "UBUNTU_USN-5815-1.NASL", "UBUNTU_USN-5829-1.NASL", "UBUNTU_USN-5830-1.NASL", "UBUNTU_USN-5831-1.NASL", "UBUNTU_USN-5832-1.NASL", "UBUNTU_USN-5850-1.NASL", "UBUNTU_USN-5851-1.NASL", "UBUNTU_USN-5853-1.NASL", "UBUNTU_USN-5854-1.NASL", "UBUNTU_USN-5858-1.NASL", "UBUNTU_USN-5859-1.NASL", "UBUNTU_USN-5860-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5862-1.NASL", "UBUNTU_USN-5863-1.NASL", "UBUNTU_USN-5865-1.NASL", "UBUNTU_USN-5874-1.NASL", "UBUNTU_USN-5875-1.NASL", "UBUNTU_USN-5876-1.NASL", "UBUNTU_USN-5877-1.NASL", "UBUNTU_USN-5878-1.NASL", "UBUNTU_USN-5879-1.NASL", "UBUNTU_USN-5883-1.NASL", "UBUNTU_USN-5884-1.NASL", "UBUNTU_USN-5909-1.NASL", "UBUNTU_USN-5911-1.NASL", "UBUNTU_USN-5912-1.NASL", "UBUNTU_USN-5913-1.NASL", "UBUNTU_USN-5914-1.NASL", "UBUNTU_USN-5915-1.NASL", "UBUNTU_USN-5917-1.NASL", "UBUNTU_USN-5918-1.NASL", "UBUNTU_USN-5919-1.NASL", "UBUNTU_USN-5920-1.NASL", "UBUNTU_USN-5925-1.NASL", "UBUNTU_USN-5926-1.NASL", "UBUNTU_USN-5927-1.NASL", "UBUNTU_USN-5929-1.NASL", "UBUNTU_USN-5934-1.NASL", "UBUNTU_USN-5935-1.NASL", "UBUNTU_USN-5938-1.NASL", "UBUNTU_USN-5939-1.NASL", "UBUNTU_USN-5940-1.NASL", "UBUNTU_USN-5941-1.NASL", "UBUNTU_USN-5950-1.NASL", "UBUNTU_USN-5951-1.NASL", "UBUNTU_USN-5962-1.NASL", "UBUNTU_USN-5970-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-5976-1.NASL", "UBUNTU_USN-5979-1.NASL", "UBUNTU_USN-5981-1.NASL", "UBUNTU_USN-5982-1.NASL", "UBUNTU_USN-5984-1.NASL", "UBUNTU_USN-5987-1.NASL", "UBUNTU_USN-5991-1.NASL", "UBUNTU_USN-6000-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6004-1.NASL", "UBUNTU_USN-6007-1.NASL", "UBUNTU_USN-6009-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6025-1.NASL", "UBUNTU_USN-6027-1.NASL", "UBUNTU_USN-6029-1.NASL", "UBUNTU_USN-6030-1.NASL", "UBUNTU_USN-6031-1.NASL", "UBUNTU_USN-6040-1.NASL", "UBUNTU_USN-6045-1.NASL", "UBUNTU_USN-6057-1.NASL", "UBUNTU_USN-6071-1.NASL", "UBUNTU_USN-6079-1.NASL", "UBUNTU_USN-6080-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-10071", "ELSA-2022-10072", "ELSA-2022-10073", "ELSA-2022-10078", "ELSA-2022-10079", "ELSA-2022-10080", "ELSA-2022-10081", "ELSA-2022-10108", "ELSA-2022-7110", "ELSA-2022-7337", "ELSA-2022-8267", "ELSA-2022-9590", "ELSA-2022-9591", "ELSA-2022-9709", "ELSA-2022-9710", "ELSA-2023-0101", "ELSA-2023-0334", "ELSA-2023-0832", "ELSA-2023-0951", "ELSA-2023-1091", "ELSA-2023-12006", "ELSA-2023-12007", "ELSA-2023-12008", "ELSA-2023-12009", "ELSA-2023-12017", "ELSA-2023-12018", "ELSA-2023-12109", "ELSA-2023-12116", "ELSA-2023-12117", "ELSA-2023-12118", "ELSA-2023-12119", "ELSA-2023-12120", "ELSA-2023-12121", "ELSA-2023-12160", "ELSA-2023-12196", "ELSA-2023-12199", "ELSA-2023-12200", "ELSA-2023-12206", "ELSA-2023-12207", "ELSA-2023-12255", "ELSA-2023-12256", "ELSA-2023-12323", "ELSA-2023-1566", "ELSA-2023-2458"]}, {"type": "osv", "idList": ["OSV:CVE-2022-23816", "OSV:DLA-3173-1", "OSV:DLA-3244-1", "OSV:DLA-3245-1", "OSV:DLA-3349-1", "OSV:DLA-3403-1", "OSV:DLA-3404-1", "OSV:DSA-5257-1", "OSV:DSA-5257-2", "OSV:DSA-5324-1"]}, {"type": "photon", "idList": ["PHSA-2022-0271", "PHSA-2022-0280", "PHSA-2022-0290", "PHSA-2022-0297", "PHSA-2022-0299", "PHSA-2022-3.0-0485", "PHSA-2022-3.0-0488", "PHSA-2022-3.0-0502", "PHSA-2022-3.0-0504", "PHSA-2022-4.0-0271", "PHSA-2022-4.0-0275", "PHSA-2022-4.0-0280", "PHSA-2022-4.0-0290", "PHSA-2022-4.0-0297", "PHSA-2022-4.0-0299", "PHSA-2022-4.0-0304", "PHSA-2023-3.0-0559", "PHSA-2023-4.0-0338", "PHSA-2023-4.0-0372"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "redhat", "idList": ["RHSA-2022:6882", "RHSA-2022:7110", "RHSA-2022:7134", "RHSA-2022:7201", "RHSA-2022:7276", "RHSA-2022:7313", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7434", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8973", "RHSA-2022:8974", "RHSA-2022:9082", "RHSA-2023:0101", "RHSA-2023:0114", "RHSA-2023:0123", "RHSA-2023:0300", "RHSA-2023:0334", "RHSA-2023:0348", "RHSA-2023:0440", "RHSA-2023:0441", "RHSA-2023:0496", "RHSA-2023:0499", "RHSA-2023:0512", "RHSA-2023:0526", "RHSA-2023:0531", "RHSA-2023:0536", "RHSA-2023:0794", "RHSA-2023:0832", "RHSA-2023:0839", "RHSA-2023:0854", "RHSA-2023:0856", "RHSA-2023:0858", "RHSA-2023:0859", "RHSA-2023:0930", "RHSA-2023:0931", "RHSA-2023:0932", "RHSA-2023:0944", "RHSA-2023:0945", "RHSA-2023:0951", "RHSA-2023:0979", "RHSA-2023:1008", "RHSA-2023:1091", "RHSA-2023:1092", "RHSA-2023:1101", "RHSA-2023:1103", "RHSA-2023:1109", "RHSA-2023:1110", "RHSA-2023:1202", "RHSA-2023:1203", "RHSA-2023:1220", "RHSA-2023:1221", "RHSA-2023:1251", "RHSA-2023:1392", "RHSA-2023:1393", "RHSA-2023:1435", "RHSA-2023:1566", "RHSA-2023:1584", "RHSA-2023:1659", "RHSA-2023:1705", "RHSA-2023:1706", "RHSA-2023:1822", "RHSA-2023:1953", "RHSA-2023:2083", "RHSA-2023:2104", "RHSA-2023:2148", "RHSA-2023:2458", "RHSA-2023:2951"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-0171", "RH:CVE-2022-23816", "RH:CVE-2022-23824", "RH:CVE-2022-2602", "RH:CVE-2022-28693", "RH:CVE-2022-3564", "RH:CVE-2022-3567", "RH:CVE-2022-3628", "RH:CVE-2022-3635", "RH:CVE-2022-3707", "RH:CVE-2022-3903", "RH:CVE-2022-4095", "RH:CVE-2022-4129", "RH:CVE-2022-4139", "RH:CVE-2022-41850", "RH:CVE-2022-41858", "RH:CVE-2022-42895", "RH:CVE-2022-42896", "RH:CVE-2022-4378", "RH:CVE-2022-43945", "RH:CVE-2022-45934"]}, {"type": "rocky", "idList": ["RLSA-2022:7110", "RLSA-2022:7134", "RLSA-2023:0101", "RLSA-2023:0114", "RLSA-2023:0300", "RLSA-2023:0334", "RLSA-2023:0832", "RLSA-2023:0854", "RLSA-2023:0979", "RLSA-2023:1566", "RLSA-2023:1584", "RXSA-2023:0101", "RXSA-2023:0334", "RXSA-2023:0832", "RXSA-2023:0951", "RXSA-2023:1566"]}, {"type": "slackware", "idList": ["SSA-2022-333-01", "SSA-2023-048-01"]}, {"type": "suse", "idList": ["SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1"]}, {"type": "ubuntu", "idList": ["LSN-0090-1", "LSN-0092-1", "USN-5691-1", "USN-5692-1", "USN-5693-1", "USN-5700-1", "USN-5727-1", "USN-5727-2", "USN-5728-1", "USN-5728-2", "USN-5728-3", "USN-5729-1", "USN-5729-2", "USN-5752-1", "USN-5754-1", "USN-5754-2", "USN-5755-1", "USN-5755-2", "USN-5756-1", "USN-5756-2", "USN-5756-3", "USN-5757-1", "USN-5757-2", "USN-5758-1", "USN-5773-1", "USN-5774-1", "USN-5779-1", "USN-5780-1", "USN-5783-1", "USN-5789-1", "USN-5790-1", "USN-5791-1", "USN-5791-2", "USN-5791-3", "USN-5792-1", "USN-5792-2", "USN-5793-1", "USN-5793-2", "USN-5793-3", "USN-5793-4", "USN-5794-1", "USN-5799-1", "USN-5802-1", "USN-5803-1", "USN-5804-1", "USN-5804-2", "USN-5808-1", "USN-5809-1", "USN-5813-1", "USN-5814-1", "USN-5815-1", "USN-5829-1", "USN-5830-1", "USN-5831-1", "USN-5832-1", "USN-5850-1", "USN-5851-1", "USN-5853-1", "USN-5854-1", "USN-5858-1", "USN-5859-1", "USN-5860-1", "USN-5861-1", "USN-5862-1", "USN-5863-1", "USN-5865-1", "USN-5874-1", "USN-5875-1", "USN-5876-1", "USN-5877-1", "USN-5878-1", "USN-5879-1", "USN-5883-1", "USN-5884-1", "USN-5909-1", "USN-5911-1", "USN-5912-1", "USN-5914-1", "USN-5915-1", "USN-5917-1", "USN-5918-1", "USN-5919-1", "USN-5920-1", "USN-5924-1", "USN-5925-1", "USN-5926-1", "USN-5927-1", "USN-5929-1", "USN-5934-1", "USN-5935-1", "USN-5938-1", "USN-5939-1", "USN-5940-1", "USN-5941-1", "USN-5950-1", "USN-5951-1", "USN-5962-1", "USN-5975-1", "USN-5976-1", "USN-6000-1", "USN-6001-1", "USN-6007-1", "USN-6013-1", "USN-6014-1", "USN-6025-1", "USN-6027-1", "USN-6029-1", "USN-6030-1", "USN-6031-1", "USN-6040-1", "USN-6045-1", "USN-6057-1", "USN-6071-1", "USN-6079-1", "USN-6080-1", "USN-6085-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-0171", "UB:CVE-2022-23816", "UB:CVE-2022-2602", "UB:CVE-2022-28693", "UB:CVE-2022-3567", "UB:CVE-2022-3628", "UB:CVE-2022-3635", "UB:CVE-2022-3707", "UB:CVE-2022-3903", "UB:CVE-2022-4095", "UB:CVE-2022-4129", "UB:CVE-2022-4139", "UB:CVE-2022-41850", "UB:CVE-2022-41858", "UB:CVE-2022-42895", "UB:CVE-2022-42896", "UB:CVE-2022-4378", "UB:CVE-2022-43945", "UB:CVE-2022-45934"]}, {"type": "veracode", "idList": ["VERACODE:36363", "VERACODE:38102", "VERACODE:38355", "VERACODE:38790", "VERACODE:38884", "VERACODE:38886", "VERACODE:39116", "VERACODE:39206", "VERACODE:39208", "VERACODE:39527", "VERACODE:39528", "VERACODE:39941", "VERACODE:40359", "VERACODE:40360"]}, {"type": "virtuozzo", "idList": ["VZA-2023-007"]}, {"type": "vmware", "idList": ["VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-407"]}, {"type": "zdi", "idList": ["ZDI-22-1462"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-0171", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3567", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-3628", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3635", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3707", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3903", "epss": 0.00044, "percentile": 0.08368, "modified": "2023-05-02"}, {"cve": "CVE-2022-4095", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-4129", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-4139", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-41850", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-41858", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-42895", "epss": 0.00052, "percentile": 0.1857, "modified": "2023-05-02"}, {"cve": "CVE-2022-42896", "epss": 0.00112, "percentile": 0.43079, "modified": "2023-05-02"}, {"cve": "CVE-2022-4378", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-43945", "epss": 0.00053, "percentile": 0.19035, "modified": "2023-05-02"}, {"cve": "CVE-2022-45934", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}], "vulnersScore": 8.7}, "_state": {"dependencies": 1684378569, "score": 1684381050, "epss": 0}, "_internal": {"score_hash": "721ba0c843a2518d81de98f700f30292"}, "pluginID": "170228", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4613-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170228);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3567\",\n \"CVE-2022-3628\",\n \"CVE-2022-3635\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4613-1\");\n\n script_name(english:\"openSUSE 15 Security Update : kernel (SUSE-SU-2022:4613-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nSUSE-SU-2022:4613-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013340.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55005ec1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^SUSE\") audit(AUDIT_OS_NOT, \"openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SUSE[\\d.]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.112.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.112.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.112.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:suse_linux:15"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-42896", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.0"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-12-23T00:00:00", "vulnerabilityPublicationDate": "2022-08-15T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-17T16:38:59", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4503-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4503-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0171", "CVE-2022-23816", "CVE-2022-2602", "CVE-2022-28693", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4503-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168888", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4503-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168888);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3567\",\n \"CVE-2022-3628\",\n \"CVE-2022-3635\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4503-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4503-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4503-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013251.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3b5551f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.88.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.88.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-extra-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-optional-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.88.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.88.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-azure-5.3.18-150300.38.88.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:15", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4616-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4616-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0171", "CVE-2022-23816", "CVE-2022-2602", "CVE-2022-28693", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_106-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4616-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169290", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4616-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169290);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3567\",\n \"CVE-2022-3628\",\n \"CVE-2022-3635\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4616-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4616-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:4616-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013339.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a100faeb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_106-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'SLE_RT-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'SLE_RT-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'SLE_RT-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'SLE_RT-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'SLE_RT-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.3', 'SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'cluster-md-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-allwinner-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-altera-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amd-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amlogic-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-apm-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-arm-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-broadcom-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-cavium-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-exynos-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-freescale-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-hisilicon-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-lg-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-marvell-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-mediatek-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-nvidia-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-qcom-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-renesas-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-rockchip-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-socionext-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-sprd-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-xilinx-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-zte-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-extra-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-optional-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-rebuild-5.3.18-150300.59.106.1.150300.18.60.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-optional-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-qa-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-vanilla-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.106.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-64kb-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.106.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-zte-5.3.18-150300.59.106.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_106-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.106.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.106.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:39:55", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4566-1 advisory.\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:4566-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-28693", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3643", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_144-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-4566-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168934", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4566-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168934);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-3567\",\n \"CVE-2022-3628\",\n \"CVE-2022-3635\",\n \"CVE-2022-3643\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42328\",\n \"CVE-2022-42329\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4566-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:4566-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4566-1 advisory.\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced\n another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the\n XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock\n could occur in case of netpoll being active for the interface the xen-netback driver is connected to\n (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1106594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206213\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013273.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8c536c0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_144-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.144.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.144.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.144.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.144.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_144-default-1-8.5.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:43", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4505-1 advisory.\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4505-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-28693", "CVE-2022-3567", "CVE-2022-3628", "CVE-2022-3635", "CVE-2022-3643", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-4505-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168894", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4505-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168894);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-3567\",\n \"CVE-2022-3628\",\n \"CVE-2022-3635\",\n \"CVE-2022-3643\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42328\",\n \"CVE-2022-42329\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4505-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4505-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4505-1 advisory.\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced\n another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the\n XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock\n could occur in case of netpoll being active for the interface the xen-netback driver is connected to\n (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1106594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206213\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013250.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c737783f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.120.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.120.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.120.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.120.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:42", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4585-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. (CVE-2022-45869)\n\n - An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. (CVE-2022-45888)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0171", "CVE-2022-2602", "CVE-2022-3176", "CVE-2022-3566", "CVE-2022-3567", "CVE-2022-3635", "CVE-2022-3643", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45869", "CVE-2022-45888", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_38-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168948", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4585-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168948);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3176\",\n \"CVE-2022-3566\",\n \"CVE-2022-3567\",\n \"CVE-2022-3635\",\n \"CVE-2022-3643\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42328\",\n \"CVE-2022-42329\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45869\",\n \"CVE-2022-45888\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4585-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4585-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:4585-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function\n tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It\n is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this\n vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced\n another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the\n XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock\n could occur in case of netpoll being active for the interface the xen-netback driver is connected to\n (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to\n cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the\n TDP MMU are enabled. (CVE-2022-45869)\n\n - An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race\n condition and use-after-free during physical removal of a USB device. (CVE-2022-45888)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013296.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?705daae5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_38-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-64kb-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.38.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'reiserfs-kmp-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'cluster-md-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-allwinner-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-altera-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amazon-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amd-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-amlogic-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-apm-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-apple-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-arm-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-broadcom-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-cavium-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-exynos-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-freescale-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-hisilicon-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-lg-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-marvell-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-mediatek-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-nvidia-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-qcom-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-renesas-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-rockchip-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-socionext-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-sprd-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-xilinx-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-devel-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-extra-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-livepatch-devel-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-64kb-optional-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-devel-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-debug-livepatch-devel-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-base-rebuild-5.14.21-150400.24.38.1.150400.24.13.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-devel-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-extra-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-livepatch-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-optional-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-devel-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.38.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-macros-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-obs-build-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-obs-qa-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-vanilla-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-5.14.21-150400.24.38.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-64kb-5.14.21-150400.24.38.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-default-5.14.21-150400.24.38.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},\n {'reference':'dlm-kmp-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},\n {'reference':'gfs2-kmp-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},\n {'reference':'ocfs2-kmp-default-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},\n {'reference':'kernel-default-livepatch-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},\n {'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.38.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},\n {'reference':'kernel-livepatch-5_14_21-150400_24_38-default-1-150400.9.3.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:20", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4504-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. (CVE-2022-45869)\n\n - An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. (CVE-2022-45888)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4504-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0171", "CVE-2022-2602", "CVE-2022-3176", "CVE-2022-3566", "CVE-2022-3567", "CVE-2022-3635", "CVE-2022-3643", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45869", "CVE-2022-45888", "CVE-2022-45934"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4504-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168893", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4504-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168893);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3176\",\n \"CVE-2022-3566\",\n \"CVE-2022-3567\",\n \"CVE-2022-3635\",\n \"CVE-2022-3643\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42328\",\n \"CVE-2022-42329\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45869\",\n \"CVE-2022-45888\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4504-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4504-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4504-1 advisory.\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function\n tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It\n is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this\n vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;\n the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced\n another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the\n XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock\n could occur in case of netpoll being active for the interface the xen-netback driver is connected to\n (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to\n cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the\n TDP MMU are enabled. (CVE-2022-45869)\n\n - An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race\n condition and use-after-free during physical removal of a USB device. (CVE-2022-45888)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206273\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013252.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1e76f5f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-devel-azure-5.14.21-150400.14.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-source-azure-5.14.21-150400.14.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.28.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},\n {'reference':'cluster-md-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dlm-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'gfs2-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-devel-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-extra-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-extra-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-livepatch-devel-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-livepatch-devel-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-optional-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-azure-optional-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-devel-azure-5.14.21-150400.14.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-source-azure-5.14.21-150400.14.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-syms-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kselftests-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ocfs2-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'reiserfs-kmp-azure-5.14.21-150400.14.28.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:57", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12018 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2023-12018.NASL", "href": "https://www.tenable.com/plugins/nessus/169923", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169923);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42895\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2023-12018 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12018.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-6.80.3.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12018');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-6.80.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-6.80.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:25", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12017 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2023-12017.NASL", "href": "https://www.tenable.com/plugins/nessus/169924", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12017.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169924);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42895\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12017 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12017.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-6.80.3.1.el8uek', '5.15.0-6.80.3.1.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12017');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-6.80.3.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-6.80.3.1.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:43", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5809-1 advisory.\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-17T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5809-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1056-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170109", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5809-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170109);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42896\", \"CVE-2022-45934\");\n script_xref(name:\"USN\", value:\"5809-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5809-1 advisory.\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5809-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1056-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.14.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.14.0-\\d{4}-oem\" : \"5.14.0-1056\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5809-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-4378', 'CVE-2022-42896', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5809-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:28", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4572-1 advisory.\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-20T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15 SP3) (SUSE-SU-2022:4572-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-4139", "CVE-2022-4378", "CVE-2022-43945"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_101-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4572-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168936", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4572-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168936);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\"CVE-2022-4139\", \"CVE-2022-4378\", \"CVE-2022-43945\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4572-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15 SP3) (SUSE-SU-2022:4572-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4572-1 advisory.\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206228\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013281.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8afe552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_101-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-4378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.101-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_101-default-2-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_101-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:01", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5918-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References:\n Upstream kernel (CVE-2023-20928)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-04T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5918-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3643", "CVE-2022-3649", "CVE-2022-41849", "CVE-2022-41850", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934", "CVE-2023-20928"], "modified": "2023-03-06T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1058-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield"], "id": "UBUNTU_USN-5918-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172095", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5918-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172095);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/06\");\n\n script_cve_id(\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-3643\",\n \"CVE-2022-3649\",\n \"CVE-2022-41849\",\n \"CVE-2022-41850\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\",\n \"CVE-2023-20928\"\n );\n script_xref(name:\"USN\", value:\"5918-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5918-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5918-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after\n free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References:\n Upstream kernel (CVE-2023-20928)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5918-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1058-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d+(-bluefield))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d+-bluefield\" : \"5.4.0-1058\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5918-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-3643', 'CVE-2022-3649', 'CVE-2022-41849', 'CVE-2022-41850', 'CVE-2022-42895', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934', 'CVE-2023-20928');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5918-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:46", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5875-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References:\n Upstream kernel (CVE-2023-20928)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-16T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5875-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3643", "CVE-2022-3649", "CVE-2022-41849", "CVE-2022-41850", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934", "CVE-2023-20928"], "modified": "2023-02-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-5875-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171577", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5875-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171577);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/17\");\n\n script_cve_id(\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-3643\",\n \"CVE-2022-3649\",\n \"CVE-2022-41849\",\n \"CVE-2022-41850\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\",\n \"CVE-2023-20928\"\n );\n script_xref(name:\"USN\", value:\"5875-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5875-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5875-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after\n free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References:\n Upstream kernel (CVE-2023-20928)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5875-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-gke)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-gke\" : \"5.4.0-1094\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5875-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-3643', 'CVE-2022-3649', 'CVE-2022-41849', 'CVE-2022-41850', 'CVE-2022-42895', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934', 'CVE-2023-20928');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5875-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:35", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5830-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-27T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5830-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1126-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1101-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2"], "id": "UBUNTU_USN-5830-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170735", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5830-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170735);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/27\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5830-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5830-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5830-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5830-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1126-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1101-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-raspi2|5.4.0-\\d{4}-azure)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-raspi2\" : \"4.15.0-1126\",\n \"5.4.0-\\d{4}-azure\" : \"5.4.0-1101\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5830-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5830-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:48", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5802-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5802-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-236-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-236-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1116-kvm"], "id": "UBUNTU_USN-5802-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169997", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5802-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169997);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5802-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5802-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5802-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5802-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1116-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-236-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-236-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{3}-(generic|lowlatency)|4.4.0-\\d{4}-kvm)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{3}-(generic|lowlatency)\" : \"4.4.0-236\",\n \"4.4.0-\\d{4}-kvm\" : \"4.4.0-1116\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5802-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5802-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:58", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5804-2 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-13T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5804-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1143-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp"], "id": "UBUNTU_USN-5804-2.NASL", "href": "https://www.tenable.com/plugins/nessus/170039", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5804-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170039);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5804-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5804-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5804-2 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5804-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1143-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-(aws|gcp))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-aws\" : \"4.15.0-1148\",\n \"4.15.0-\\d{4}-gcp\" : \"4.15.0-1143\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5804-2');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5804-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:09", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5808-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-18T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel (IBM) vulnerabilities (USN-5808-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-18T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1042-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm"], "id": "UBUNTU_USN-5808-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170126", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5808-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170126);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5808-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel (IBM) vulnerabilities (USN-5808-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5808-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5808-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1042-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-ibm)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-ibm\" : \"5.4.0-1042\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5808-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5808-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:04", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5794-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5794-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1153-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws"], "id": "UBUNTU_USN-5794-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169690", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5794-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169690);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/09\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5794-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5794-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5794-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5794-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1153-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{4}-aws)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{4}-aws\" : \"4.4.0-1153\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5794-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5794-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:39:44", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5829-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-26T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5829-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1079-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi"], "id": "UBUNTU_USN-5829-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170658", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5829-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170658);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5829-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5829-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5829-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5829-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1079-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-raspi)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-raspi\" : \"5.4.0-1079\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5829-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5829-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:33", "description": "The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5813-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5813-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1113-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1144-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon"], "id": "UBUNTU_USN-5813-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170185", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5813-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170185);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5813-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5813-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple\nvulnerabilities as referenced in the USN-5813-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5813-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1113-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1144-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-(oracle|snapdragon)|5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.4.0-\\d{4}-(aws|gkeop))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-oracle\" : \"4.15.0-1113\",\n \"4.15.0-\\d{4}-snapdragon\" : \"4.15.0-1144\",\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-137\",\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1094\",\n \"5.4.0-\\d{4}-gkeop\" : \"5.4.0-1062\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5813-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5813-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:40", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5863-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-09T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5863-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1159-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-5863-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171260", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5863-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171260);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5863-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5863-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5863-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5863-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1159-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-azure)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-azure\" : \"4.15.0-1159\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5863-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5863-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:49", "description": "The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5804-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-13T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5804-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1042-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1134-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1143-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1159-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle"], "id": "UBUNTU_USN-5804-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170011", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5804-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170011);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5804-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5804-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5804-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5804-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1134-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1143-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1148-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1159-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-202-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1042-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1094-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-137-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{3}-(generic|generic-lpae|lowlatency)|4.15.0-\\d{4}-(aws|aws-hwe|azure|gcp|kvm)|5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.4.0-\\d{4}-(aws|gcp|ibm|kvm|oracle))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"4.15.0-202\",\n \"4.15.0-\\d{3}-(generic|lowlatency)\" : \"4.15.0-202\",\n \"4.15.0-\\d{4}-(aws|aws-hwe)\" : \"4.15.0-1148\",\n \"4.15.0-\\d{4}-azure\" : \"4.15.0-1159\",\n \"4.15.0-\\d{4}-gcp\" : \"4.15.0-1143\",\n \"4.15.0-\\d{4}-kvm\" : \"4.15.0-1134\",\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-137\",\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1094\",\n \"5.4.0-\\d{4}-gcp\" : \"5.4.0-1098\",\n \"5.4.0-\\d{4}-ibm\" : \"5.4.0-1042\",\n \"5.4.0-\\d{4}-kvm\" : \"5.4.0-1084\",\n \"5.4.0-\\d{4}-oracle\" : \"5.4.0-1092\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5804-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5804-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:18", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5831-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-27T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5831-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934"], "modified": "2023-01-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1031-azurefde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde"], "id": "UBUNTU_USN-5831-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170734", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5831-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170734);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/27\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5831-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5831-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5831-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5831-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1031-azurefde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-azure-fde)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-azure-fde\" : \"5.15.0-1031\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5831-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42896', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5831-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:16", "description": "The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5832-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-31T00:00:00", "type": "nessus", "title": "Ubuntu 22.10 : Linux kernel (Raspberry Pi) vulnerabilities (USN-5832-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934"], "modified": "2023-01-31T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5832-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170891", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5832-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170891);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/31\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5832-1\");\n\n script_name(english:\"Ubuntu 22.10 : Linux kernel (Raspberry Pi) vulnerabilities (USN-5832-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nUSN-5832-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5832-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{4}-(raspi|raspi-nolpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.19.0-1012\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5832-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42896', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5832-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:42", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5803-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-13T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Linux kernel vulnerabilities (USN-5803-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934"], "modified": "2023-01-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1026-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1028-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1031-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1016-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5803-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170012", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5803-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170012);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/16\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5803-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Linux kernel vulnerabilities (USN-5803-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5803-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5803-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1026-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1028-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1031-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1016-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae)|5.15.0-\\d{4}-(aws|azure|gcp|kvm|oracle|raspi|raspi-nolpae)|5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)|5.19.0-\\d{4}-(aws|gcp|ibm|kvm))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.15.0-58\",\n \"5.15.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.15.0-1023\",\n \"5.15.0-\\d{4}-aws\" : \"5.15.0-1028\",\n \"5.15.0-\\d{4}-azure\" : \"5.15.0-1031\",\n \"5.15.0-\\d{4}-gcp\" : \"5.15.0-1027\",\n \"5.15.0-\\d{4}-kvm\" : \"5.15.0-1026\",\n \"5.15.0-\\d{4}-oracle\" : \"5.15.0-1027\",\n \"5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.19.0-29\",\n \"5.19.0-\\d{4}-(gcp|ibm)\" : \"5.19.0-1015\",\n \"5.19.0-\\d{4}-aws\" : \"5.19.0-1017\",\n \"5.19.0-\\d{4}-kvm\" : \"5.19.0-1016\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5803-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42896', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5803-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:09", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5814-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Linux kernel vulnerabilities (USN-5814-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3643", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934"], "modified": "2023-01-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-inteliotg", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-inteliotg", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle"], "id": "UBUNTU_USN-5814-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170188", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5814-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170188);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"USN\", value:\"5814-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Linux kernel vulnerabilities (USN-5814-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by multiple\nvulnerabilities as referenced in the USN-5814-1 advisory.\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5814-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-inteliotg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-inteliotg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(lowlatency|lowlatency-64k)|5.15.0-\\d{4}-(gkeop|intel-iotg|oracle)|5.19.0-\\d{4}-(azure|lowlatency|lowlatency-64k))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(lowlatency|lowlatency-64k)\" : \"5.15.0-58\",\n \"5.15.0-\\d{4}-gkeop\" : \"5.15.0-1013\",\n \"5.15.0-\\d{4}-intel-iotg\" : \"5.15.0-1023\",\n \"5.15.0-\\d{4}-oracle\" : \"5.15.0-1027\",\n \"5.19.0-\\d{4}-(lowlatency|lowlatency-64k)\" : \"5.19.0-1015\",\n \"5.19.0-\\d{4}-azure\" : \"5.19.0-1017\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5814-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42896', 'CVE-2022-45934');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5814-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:45", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5879-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-16T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3619", "CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3643", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934", "CVE-2023-0590"], "modified": "2023-02-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae"], "id": "UBUNTU_USN-5879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171574", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5879-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171574);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/16\");\n\n script_cve_id(\n \"CVE-2022-3619\",\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\",\n \"CVE-2023-0590\"\n );\n script_xref(name:\"USN\", value:\"5879-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5879-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the\n identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5879-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{2}-(generic|generic-64k|generic-lpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.19.0-32\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5879-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3619', 'CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42895', 'CVE-2022-42896', 'CVE-2022-45934', 'CVE-2023-0590');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5879-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:53", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4542-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP4) (SUSE-SU-2022:4542-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39698", "CVE-2022-4139", "CVE-2022-4378", "CVE-2022-43945"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_33-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168900", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4542-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168900);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-39698\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-43945\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4542-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP4) (SUSE-SU-2022:4542-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4542-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206228\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013266.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f13b0288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_24_33-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39698\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_33-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.14.21-150400.24.33-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_14_21-150400_24_33-default-2-150400.2.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_24_33-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:49", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4614-1 advisory.\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.\n (CVE-2022-2964)\n\n - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. (CVE-2022-3521)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver.\n This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.\n (CVE-2022-3577)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. (CVE-2022-3621)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. (CVE-2022-3629)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4614-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2021-4037", "CVE-2022-0171", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2602", "CVE-2022-28693", "CVE-2022-28748", "CVE-2022-2964", "CVE-2022-2978", "CVE-2022-3169", "CVE-2022-3176", "CVE-2022-3521", "CVE-2022-3524", "CVE-2022-3535", "CVE-2022-3542", "CVE-2022-3545", "CVE-2022-3565", "CVE-2022-3567", "CVE-2022-3577", "CVE-2022-3586", "CVE-2022-3594", "CVE-2022-3621", "CVE-2022-3625", "CVE-2022-3628", "CVE-2022-3629", "CVE-2022-3635", "CVE-2022-3646", "CVE-2022-3649", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-39189", "CVE-2022-40307", "CVE-2022-40768", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42703", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43750", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-4614-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169288", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4614-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169288);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2021-4037\",\n \"CVE-2022-2153\",\n \"CVE-2022-2602\",\n \"CVE-2022-2964\",\n \"CVE-2022-2978\",\n \"CVE-2022-3169\",\n \"CVE-2022-3176\",\n \"CVE-2022-3521\",\n \"CVE-2022-3524\",\n \"CVE-2022-3535\",\n \"CVE-2022-3542\",\n \"CVE-2022-3545\",\n \"CVE-2022-3565\",\n \"CVE-2022-3567\",\n \"CVE-2022-3577\",\n \"CVE-2022-3586\",\n \"CVE-2022-3594\",\n \"CVE-2022-3621\",\n \"CVE-2022-3625\",\n \"CVE-2022-3628\",\n \"CVE-2022-3629\",\n \"CVE-2022-3635\",\n \"CVE-2022-3646\",\n \"CVE-2022-3649\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-28748\",\n \"CVE-2022-39189\",\n \"CVE-2022-40307\",\n \"CVE-2022-40768\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42703\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43750\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4614-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4614-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4614-1 advisory.\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that\n allows local users to create files for the XFS file-system with an unintended group ownership and with\n group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a\n certain group and is writable by a user who is not a member of this group. This can lead to excessive\n permissions granted in case when they should not. This vulnerability is similar to the previous\n CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet\n Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.\n (CVE-2022-2964)\n\n - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function\n security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use\n this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request\n of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\n in a PCIe link disconnect. (CVE-2022-3169)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier\n assigned to this vulnerability. (CVE-2022-3521)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability\n is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the\n component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this\n issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver.\n This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in\n bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have\n inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.\n (CVE-2022-3577)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb\n enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)\n into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of\n service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The\n manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to\n apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads\n to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a\n patch to fix this issue. The identifier of this vulnerability is VDB-211920. (CVE-2022-3621)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function\n devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects\n the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It\n is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this\n vulnerability. (CVE-2022-3629)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects\n the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The\n manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a\n patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after\n free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-\n space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206228\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013337.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b2d75ea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:51", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4589-1 advisory.\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\n - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.\n (CVE-2022-2964)\n\n - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-3424)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. (CVE-2022-3521)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver.\n This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.\n (CVE-2022-3577)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. (CVE-2022-3621)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. (CVE-2022-3629)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:4589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2021-4037", "CVE-2022-0171", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2602", "CVE-2022-28693", "CVE-2022-28748", "CVE-2022-2964", "CVE-2022-2978", "CVE-2022-3169", "CVE-2022-3176", "CVE-2022-3424", "CVE-2022-3521", "CVE-2022-3524", "CVE-2022-3535", "CVE-2022-3542", "CVE-2022-3545", "CVE-2022-3565", "CVE-2022-3567", "CVE-2022-3577", "CVE-2022-3586", "CVE-2022-3594", "CVE-2022-3621", "CVE-2022-3625", "CVE-2022-3628", "CVE-2022-3629", "CVE-2022-3635", "CVE-2022-3646", "CVE-2022-3649", "CVE-2022-3707", "CVE-2022-3903", "CVE-2022-39189", "CVE-2022-40307", "CVE-2022-40768", "CVE-2022-4095", "CVE-2022-4129", "CVE-2022-4139", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42703", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43750", "CVE-2022-4378", "CVE-2022-43945", "CVE-2022-45934"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_139-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4589-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168952", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4589-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168952);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2021-4037\",\n \"CVE-2022-2153\",\n \"CVE-2022-2602\",\n \"CVE-2022-2964\",\n \"CVE-2022-2978\",\n \"CVE-2022-3169\",\n \"CVE-2022-3176\",\n \"CVE-2022-3424\",\n \"CVE-2022-3521\",\n \"CVE-2022-3524\",\n \"CVE-2022-3535\",\n \"CVE-2022-3542\",\n \"CVE-2022-3545\",\n \"CVE-2022-3565\",\n \"CVE-2022-3567\",\n \"CVE-2022-3577\",\n \"CVE-2022-3586\",\n \"CVE-2022-3594\",\n \"CVE-2022-3621\",\n \"CVE-2022-3625\",\n \"CVE-2022-3628\",\n \"CVE-2022-3629\",\n \"CVE-2022-3635\",\n \"CVE-2022-3646\",\n \"CVE-2022-3649\",\n \"CVE-2022-3707\",\n \"CVE-2022-3903\",\n \"CVE-2022-4095\",\n \"CVE-2022-4129\",\n \"CVE-2022-4139\",\n \"CVE-2022-4378\",\n \"CVE-2022-28693\",\n \"CVE-2022-28748\",\n \"CVE-2022-39189\",\n \"CVE-2022-40307\",\n \"CVE-2022-40768\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42703\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43750\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4589-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:4589-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4589-1 advisory.\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that\n allows local users to create files for the XFS file-system with an unintended group ownership and with\n group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a\n certain group and is writable by a user who is not a member of this group. This can lead to excessive\n permissions granted in case when they should not. This vulnerability is similar to the previous\n CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-2602)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\n - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet\n Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.\n (CVE-2022-2964)\n\n - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function\n security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use\n this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)\n\n - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request\n of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\n in a PCIe link disconnect. (CVE-2022-3169)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first\n gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the\n gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate\n their privileges on the system. (CVE-2022-3424)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier\n assigned to this vulnerability. (CVE-2022-3521)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability\n is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the\n component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this\n issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver.\n This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in\n bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have\n inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.\n (CVE-2022-3577)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb\n enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)\n into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of\n service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The\n manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to\n apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads\n to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a\n patch to fix this issue. The identifier of this vulnerability is VDB-211920. (CVE-2022-3621)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function\n devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects\n the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It\n is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this\n vulnerability. (CVE-2022-3629)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation\n leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the\n identifier assigned to this vulnerability. (CVE-2022-3635)\n\n - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects\n the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The\n manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a\n patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after\n free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card\n system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could\n allow a local user to crash the system. (CVE-2022-3707)\n\n - An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This\n issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the\n resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information\n from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n (CVE-2022-40768)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-\n space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206207\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013294.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1282b20b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-40768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-45934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_139-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-devel-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-macros-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-source-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.139.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'cluster-md-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150200_24_139-default-1-150200.5.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.139.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:04", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12121 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12121)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-4139", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2023-12121.NASL", "href": "https://www.tenable.com/plugins/nessus/171391", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12121.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171391);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/14\");\n\n script_cve_id(\"CVE-2022-4139\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12121)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2023-12121 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12121.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.316.7.el7', '5.4.17-2136.316.7.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12121');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.316.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.316.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.316.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.316.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:26", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12119 advisory.\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-4139", "CVE-2022-42896"], "modified": "2023-02-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2023-12119.NASL", "href": "https://www.tenable.com/plugins/nessus/171396", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12119.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171396);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/13\");\n\n script_cve_id(\"CVE-2022-4139\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12119 advisory.\n\n - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading\n to random memory corruption or data leaks. This flaw could allow a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-4139)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12119.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.316.7.el7uek', '5.4.17-2136.316.7.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12119');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.316.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.316.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.316.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.316.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.316.7.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.316.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-5.4.17'},\n {'reference':'python-perf-5.4.17-2136.316.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.316.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.316.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.316.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.316.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.316.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.316.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.316.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.316.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.316.7.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:40", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5914-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.\n This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.\n (CVE-2022-47520)\n\n - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)\n\n - A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.\n (CVE-2023-0469)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129) (CVE-2023-0045)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-04T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5914-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3567", "CVE-2022-4129", "CVE-2022-42896", "CVE-2022-4379", "CVE-2022-43945", "CVE-2022-45934", "CVE-2022-47520", "CVE-2023-0045", "CVE-2023-0461", "CVE-2023-0469"], "modified": "2023-03-06T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-6.0.0-1012-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5914-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172091", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5914-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172091);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/06\");\n\n script_cve_id(\n \"CVE-2022-3567\",\n \"CVE-2022-4379\",\n \"CVE-2022-42896\",\n \"CVE-2022-43945\",\n \"CVE-2022-45934\",\n \"CVE-2022-47520\",\n \"CVE-2023-0045\",\n \"CVE-2023-0461\",\n \"CVE-2023-0469\"\n );\n script_xref(name:\"USN\", value:\"5914-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5914-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5914-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.\n This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer\n overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send\n buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer\n to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC\n message with garbage data is still correctly formed according to the specification and is passed forward\n to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the\n allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in\n drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds\n read when parsing a Robust Security Network (RSN) information element from a Netlink packet.\n (CVE-2022-47520)\n\n - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local\n privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or\n CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a\n use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can\n install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this\n socket is disconnected and reused as a listener. If a new socket is created from the listener, the context\n is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend\n upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)\n\n - A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring\n subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.\n (CVE-2023-0469)\n\n - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing\n sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw\n to potentially crash the system causing a denial of service. (CVE-2022-4129) (CVE-2023-0045)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5914-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-6.0.0-1012-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^((6.0.0-\\d+-oem))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"6.0.0-\\d+-oem\" : \"6.0.0-1012\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5914-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3567', 'CVE-2022-4379', 'CVE-2022-42896', 'CVE-2022-43945', 'CVE-2022-45934', 'CVE-2022-47520', 'CVE-2023-0045', 'CVE-2023-0461', 'CVE-2023-0469');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5914-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:04", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12008 advisory.\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42895", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2023-12008.NASL", "href": "https://www.tenable.com/plugins/nessus/169717", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12008.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169717);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42895\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12008)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12008 advisory.\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12008.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-4378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.315.5.el7uek', '5.4.17-2136.315.5.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12008');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.315.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.315.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.315.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.315.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.315.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.315.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-5.4.17'},\n {'reference':'python-perf-5.4.17-2136.315.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.315.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.315.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.315.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.315.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.315.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.315.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.315.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.315.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.315.5.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:22", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12009 advisory.\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-

openSUSE 15 Security Update : kernel (SUSE-SU-2022:4613-1)

Description

Related