The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4094-1 advisory.
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093)
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. (CVE-2018-13096)
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). (CVE-2018-13097)
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. (CVE-2018-13098)
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. (CVE-2018-13099)
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. (CVE-2018-13100)
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. (CVE-2018-14609)
An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. (CVE-2018-14610)
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. (CVE-2018-14611)
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. (CVE-2018-14612)
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. (CVE-2018-14613)
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. (CVE-2018-14614)
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. (CVE-2018-14615)
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. (CVE-2018-14616)
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. (CVE-2018-14617)
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. (CVE-2018-16862)
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. (CVE-2018-20169)
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. (CVE-2018-20511)
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. (CVE-2018-5383)
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. (CVE-2019-10126)
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (CVE-2019-12818)
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. (CVE-2019-12819)
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. (CVE-2019-12984)
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (CVE-2019-13233)
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit’s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. (CVE-2019-13272)
In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111761954. References: Upstream kernel. (CVE-2019-2024)
In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968. (CVE-2019-2101)
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4094-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');

if (description)
{
  script_id(127889);
  script_version("1.14");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2018-13053",
    "CVE-2018-13093",
    "CVE-2018-13096",
    "CVE-2018-13097",
    "CVE-2018-13098",
    "CVE-2018-13099",
    "CVE-2018-13100",
    "CVE-2018-14609",
    "CVE-2018-14610",
    "CVE-2018-14611",
    "CVE-2018-14612",
    "CVE-2018-14613",
    "CVE-2018-14614",
    "CVE-2018-14615",
    "CVE-2018-14616",
    "CVE-2018-14617",
    "CVE-2018-16862",
    "CVE-2018-20169",
    "CVE-2018-20511",
    "CVE-2018-20856",
    "CVE-2018-5383",
    "CVE-2019-10126",
    "CVE-2019-1125",
    "CVE-2019-12614",
    "CVE-2019-12818",
    "CVE-2019-12819",
    "CVE-2019-12984",
    "CVE-2019-13233",
    "CVE-2019-13272",
    "CVE-2019-2024",
    "CVE-2019-2101",
    "CVE-2019-3846"
  );
  script_xref(name:"USN", value:"4094-1");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/10");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-4094-1 advisory.
- The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an
integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)
- An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer
dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted
xfs image. This occurs because of a lack of proper validation that cached inodes are free during
allocation. (CVE-2018-13093)
- An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-
bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted
f2fs image. (CVE-2018-13096)
- An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds
read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a
denial of service (BUG). (CVE-2018-13097)
- An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab
out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set
in an inode. (CVE-2018-13098)
- An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-
bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode
contains an invalid reserved blkaddr. (CVE-2018-13099)
- An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly
validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
(CVE-2018-13100)
- An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in
__del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc
rb_trees when reloc control has not been initialized. (CVE-2018-14609)
- An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in
write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification
that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in
fs/btrfs/extent-tree.c. (CVE-2018-14610)
- An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in
try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in
btrfs_check_chunk_valid in fs/btrfs/volumes.c. (CVE-2018-14611)
- An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in
btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping
validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in
check_leaf in fs/btrfs/tree-checker.c. (CVE-2018-14612)
- An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in
io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item
validation in check_leaf_item in fs/btrfs/tree-checker.c. (CVE-2018-14613)
- An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in
__remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. (CVE-2018-14614)
- An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in
truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be
negative. (CVE-2018-14615)
- An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in
fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
(CVE-2018-14616)
- An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic
in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+
filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
(CVE-2018-14617)
- A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after
the final file truncation (removal). The new file created with the same inode may contain leftover pages
from cleancache and the old file data instead of the new one. (CVE-2018-16862)
- An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during
the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
(CVE-2018-20169)
- An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in
drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by
leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
(CVE-2018-20511)
- An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an
__blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)
- Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and
iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate
elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may
allow a remote attacker to obtain the encryption key used by the device. (CVE-2018-5383)
- A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function
in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other
consequences. (CVE-2019-10126)
- An information disclosure vulnerability exists when certain central processing units (CPU) speculatively
access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from
CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)
- An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux
kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause
a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)
- An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL
pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in
net/nfc/llcp_core.c. (CVE-2019-12818)
- An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free.
This will cause a denial of service. (CVE-2019-12819)
- A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c
in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC
attributes, leading to denial of service. (CVE-2019-12984)
- In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an
LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds
violation. (CVE-2019-13233)
- In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the
credentials of a process that wants to create a ptrace relationship, which allows local users to obtain
root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops
privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an
object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of
a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper
with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
(CVE-2019-13272)
- In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to
local escalation of privilege with no additional execution privileges needed. User interaction is not
needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References:
Upstream kernel (CVE-2019-2024)
- In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input
validation. This could lead to local information disclosure with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel.
Android ID: A-111760968. (CVE-2019-2101)
- A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the
mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4094-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-10126");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1021-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1040-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1040-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1043-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1050-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1060-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-lowlatency");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2019-2024 Canonical, Inc. / NASL script (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}
include('debian_package.inc');
include('ksplice.inc');

# Preconditions: local checks enabled, Ubuntu 16.04 or 18.04, package list collected, supported CPU.
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

# Fixed kernel version, keyed by Ubuntu release, kernel base version and kernel type.
var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'generic': '4.15.0-58',
      'generic-lpae': '4.15.0-58',
      'lowlatency': '4.15.0-58',
      'oracle': '4.15.0-1021',
      'gcp': '4.15.0-1040'
    }
  },
  '18.04': {
    '4.15.0': {
      'generic': '4.15.0-58',
      'generic-lpae': '4.15.0-58',
      'lowlatency': '4.15.0-58',
      'oracle': '4.15.0-1021',
      'gcp': '4.15.0-1040',
      'gke': '4.15.0-1040',
      'kvm': '4.15.0-1042',
      'raspi2': '4.15.0-1043',
      'oem': '4.15.0-1050',
      'snapdragon': '4.15.0-1060'
    }
  }
};

# Use Host/uptrack-uname-r when it is set, otherwise fall back to Host/uname-r.
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');

# A kernel with no entry in the mapping is audited out as not vulnerable.
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;

# Report only when the running kernel release is older than the fixed version.
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4094-1');
}

# When Ksplice CVE data is present, check the advisory's CVE list against it.
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2018-5383', 'CVE-2018-13053', 'CVE-2018-13093', 'CVE-2018-13096', 'CVE-2018-13097', 'CVE-2018-13098', 'CVE-2018-13099', 'CVE-2018-13100', 'CVE-2018-14609', 'CVE-2018-14610', 'CVE-2018-14611', 'CVE-2018-14612', 'CVE-2018-14613', 'CVE-2018-14614', 'CVE-2018-14615', 'CVE-2018-14616', 'CVE-2018-14617', 'CVE-2018-16862', 'CVE-2018-20169', 'CVE-2018-20511', 'CVE-2018-20856', 'CVE-2019-1125', 'CVE-2019-2024', 'CVE-2019-2101', 'CVE-2019-3846', 'CVE-2019-10126', 'CVE-2019-12614', 'CVE-2019-12818', 'CVE-2019-12819', 'CVE-2019-12984', 'CVE-2019-13233', 'CVE-2019-13272');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4094-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}

if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | linux-image-4.15.0-1021-oracle | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1021-oracle |
canonical | ubuntu_linux | linux-image-4.15.0-1040-gcp | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1040-gcp |
canonical | ubuntu_linux | linux-image-4.15.0-1040-gke | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1040-gke |
canonical | ubuntu_linux | linux-image-4.15.0-1042-kvm | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-kvm |
canonical | ubuntu_linux | linux-image-4.15.0-1043-raspi2 | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1043-raspi2 |
canonical | ubuntu_linux | linux-image-4.15.0-1050-oem | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1050-oem |
canonical | ubuntu_linux | linux-image-4.15.0-1060-snapdragon | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1060-snapdragon |
canonical | ubuntu_linux | linux-image-4.15.0-58-generic | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-generic |
canonical | ubuntu_linux | linux-image-4.15.0-58-generic-lpae | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-generic-lpae |
canonical | ubuntu_linux | linux-image-4.15.0-58-lowlatency | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-58-lowlatency |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20856
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
ubuntu.com/security/notices/USN-4094-1