The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2140-1 advisory.
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. (CVE-2023-0386)
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
(CVE-2023-1670)
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855)
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. (CVE-2023-1989)
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. (CVE-2023-1990)
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. (CVE-2023-1998)
A flaw was found in the Linux kernel’s udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. (CVE-2023-2008)
A flaw was found in the Linux kernel’s netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. (CVE-2023-2019)
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. (CVE-2023-2176)
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23006)
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
(CVE-2023-30772)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:2140-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(175547);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");
script_cve_id(
"CVE-2022-2196",
"CVE-2023-0386",
"CVE-2023-1670",
"CVE-2023-1855",
"CVE-2023-1989",
"CVE-2023-1990",
"CVE-2023-1998",
"CVE-2023-2008",
"CVE-2023-2019",
"CVE-2023-2176",
"CVE-2023-2235",
"CVE-2023-23006",
"CVE-2023-30772"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:2140-1");
script_name(english:"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2140-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are
affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2140-1 advisory.
- A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after
running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can
execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past
commit 2e7eab81425a (CVE-2022-2196)
- A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with
capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from
a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges
on the system. (CVE-2023-0386)
- A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local
user could use this flaw to crash the system or potentially escalate their privileges on the system.
(CVE-2023-1670)
- A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware
Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system
due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855)
- A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In
this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on
hdev devices. (CVE-2023-1989)
- A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw
could allow an attacker to crash the system due to a race problem. (CVE-2023-1990)
- The Linux kernel allows userspace processes to enable mitigations by calling prctl with
PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed
that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to
attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be
observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened
because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that
STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons,
which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target
injection against which STIBP protects. (CVE-2023-1998)
- A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault
handler. The issue results from the lack of proper validation of user-supplied data, which can result in a
memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges
and execute arbitrary code in the context of the kernel. (CVE-2023-2008)
- A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This
issue results from the improper management of a reference count. This may allow an attacker to create a
denial of service condition on the system. (CVE-2023-2019)
- A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux
Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem
to crash the system or escalation of privilege. (CVE-2023-2176)
- A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve
local privilege escalation. The perf_group_detach function did not check the event's siblings'
attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call
list_del_event() on before detaching from their group, making it possible to use a dangling pointer
causing a use-after-free vulnerability. We recommend upgrading past commit
fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
- In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c
misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is
actually an error pointer). (CVE-2023-23006)
- The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in
drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
(CVE-2023-30772)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1142685");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1155798");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203039");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203325");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204042");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206649");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1207088");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208076");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208845");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209615");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209693");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209927");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210034");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210202");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210329");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210336");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210337");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210439");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210454");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210469");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210499");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210725");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210764");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210766");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210767");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210769");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210816");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210817");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210827");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210943");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210953");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210986");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211025");
script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-May/029296.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2196");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-0386");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1670");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1855");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1989");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1990");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1998");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2008");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2019");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2176");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2235");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-23006");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-30772");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2235");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2196");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/09");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_63-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15|SUSE15\.4)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP4", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-64kb-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-64kb-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-64kb-devel-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-64kb-devel-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-extra-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-default-extra-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-macros-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-macros-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-obs-build-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-obs-build-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-source-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-source-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-syms-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-syms-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-zfcpdump-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'s390x', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-zfcpdump-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'reiserfs-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-64kb-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-64kb-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-64kb-devel-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-64kb-devel-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-macros-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-macros-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-obs-build-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-obs-build-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-source-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-source-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-syms-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-syms-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-zfcpdump-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-zfcpdump-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'reiserfs-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},
{'reference':'cluster-md-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'cluster-md-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dlm-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dlm-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-allwinner-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-altera-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-amazon-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-amd-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-amlogic-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-apm-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-apple-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-arm-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-broadcom-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-cavium-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-exynos-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-freescale-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-hisilicon-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-lg-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-marvell-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-mediatek-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-nvidia-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-qcom-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-renesas-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-rockchip-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-socionext-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-sprd-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-xilinx-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'gfs2-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'gfs2-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-64kb-devel-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-64kb-extra-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-64kb-livepatch-devel-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-64kb-optional-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-debug-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-debug-devel-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-debug-livepatch-devel-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-base-rebuild-5.14.21-150400.24.63.1.150400.24.27.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-base-rebuild-5.14.21-150400.24.63.1.150400.24.27.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-devel-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-extra-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-livepatch-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-default-optional-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-devel-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-devel-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.63.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-macros-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-obs-build-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-obs-qa-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-source-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-source-vanilla-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-syms-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kernel-zfcpdump-5.14.21-150400.24.63.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kselftests-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'kselftests-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'ocfs2-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'ocfs2-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'reiserfs-kmp-64kb-5.14.21-150400.24.63.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'reiserfs-kmp-default-5.14.21-150400.24.63.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'cluster-md-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},
{'reference':'dlm-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},
{'reference':'gfs2-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},
{'reference':'ocfs2-kmp-default-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']},
{'reference':'kernel-default-livepatch-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},
{'reference':'kernel-default-livepatch-devel-5.14.21-150400.24.63.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},
{'reference':'kernel-livepatch-5_14_21-150400_24_63-default-1-150400.9.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']},
{'reference':'kernel-default-extra-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-default-extra-5.14.21-150400.24.63.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | cluster-md-kmp-default | p-cpe:/a:novell:suse_linux:cluster-md-kmp-default |
novell | suse_linux | dlm-kmp-default | p-cpe:/a:novell:suse_linux:dlm-kmp-default |
novell | suse_linux | gfs2-kmp-default | p-cpe:/a:novell:suse_linux:gfs2-kmp-default |
novell | suse_linux | kernel-64kb | p-cpe:/a:novell:suse_linux:kernel-64kb |
novell | suse_linux | kernel-64kb-devel | p-cpe:/a:novell:suse_linux:kernel-64kb-devel |
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-extra | p-cpe:/a:novell:suse_linux:kernel-default-extra |
novell | suse_linux | kernel-default-livepatch | p-cpe:/a:novell:suse_linux:kernel-default-livepatch |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30772
bugzilla.suse.com/1142685
bugzilla.suse.com/1155798
bugzilla.suse.com/1174777
bugzilla.suse.com/1189999
bugzilla.suse.com/1194869
bugzilla.suse.com/1203039
bugzilla.suse.com/1203325
bugzilla.suse.com/1204042
bugzilla.suse.com/1206649
bugzilla.suse.com/1206891
bugzilla.suse.com/1206992
bugzilla.suse.com/1207088
bugzilla.suse.com/1208076
bugzilla.suse.com/1208822
bugzilla.suse.com/1208845
bugzilla.suse.com/1209615
bugzilla.suse.com/1209693
bugzilla.suse.com/1209739
bugzilla.suse.com/1209871
bugzilla.suse.com/1209927
bugzilla.suse.com/1209999
bugzilla.suse.com/1210034
bugzilla.suse.com/1210158
bugzilla.suse.com/1210202
bugzilla.suse.com/1210206
bugzilla.suse.com/1210301
bugzilla.suse.com/1210329
bugzilla.suse.com/1210336
bugzilla.suse.com/1210337
bugzilla.suse.com/1210439
bugzilla.suse.com/1210453
bugzilla.suse.com/1210454
bugzilla.suse.com/1210469
bugzilla.suse.com/1210499
bugzilla.suse.com/1210506
bugzilla.suse.com/1210629
bugzilla.suse.com/1210630
bugzilla.suse.com/1210725
bugzilla.suse.com/1210729
bugzilla.suse.com/1210762
bugzilla.suse.com/1210763
bugzilla.suse.com/1210764
bugzilla.suse.com/1210765
bugzilla.suse.com/1210766
bugzilla.suse.com/1210767
bugzilla.suse.com/1210768
bugzilla.suse.com/1210769
bugzilla.suse.com/1210770
bugzilla.suse.com/1210771
bugzilla.suse.com/1210793
bugzilla.suse.com/1210816
bugzilla.suse.com/1210817
bugzilla.suse.com/1210827
bugzilla.suse.com/1210943
bugzilla.suse.com/1210953
bugzilla.suse.com/1210986
bugzilla.suse.com/1211025
lists.suse.com/pipermail/sle-updates/2023-May/029296.html
www.suse.com/security/cve/CVE-2022-2196
www.suse.com/security/cve/CVE-2023-0386
www.suse.com/security/cve/CVE-2023-1670
www.suse.com/security/cve/CVE-2023-1855
www.suse.com/security/cve/CVE-2023-1989
www.suse.com/security/cve/CVE-2023-1990
www.suse.com/security/cve/CVE-2023-1998
www.suse.com/security/cve/CVE-2023-2008
www.suse.com/security/cve/CVE-2023-2019
www.suse.com/security/cve/CVE-2023-2176
www.suse.com/security/cve/CVE-2023-2235
www.suse.com/security/cve/CVE-2023-23006
www.suse.com/security/cve/CVE-2023-30772