Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5562-1.NASL
HistoryAug 10, 2022 - 12:00 a.m.

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5562-1)

2022-08-1000:00:00
Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
144

8.3 High

AI Score

Confidence

High

JSON

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5562-1 advisory.

  • A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  • A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)

  • Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

  • A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)

  • A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
    (CVE-2022-1734)

  • A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)

  • There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)

  • It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. (CVE-2022-2586)

  • It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. (CVE-2022-2588)

  • The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)

  • An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5562-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164036);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2022-0494",
    "CVE-2022-1048",
    "CVE-2022-1652",
    "CVE-2022-1679",
    "CVE-2022-1734",
    "CVE-2022-1974",
    "CVE-2022-1975",
    "CVE-2022-2586",
    "CVE-2022-2588",
    "CVE-2022-28893",
    "CVE-2022-34918"
  );
  script_xref(name:"USN", value:"5562-1");

  script_name(english:"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5562-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-5562-1 advisory.

  - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in
    the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or
    CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers
    concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM
    for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the
    system. (CVE-2022-1048)

  - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
    use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
    could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
    system. (CVE-2022-1652)

  - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user
    forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local
    user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)

  - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use
    after free both read or write when non synchronized between cleanup routine and firmware download routine.
    (CVE-2022-1734)

  - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition
    between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN
    privilege to leak kernel information. (CVE-2022-1974)

  - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by
    simulating a nfc device from user-space. (CVE-2022-1975)

  - It was discovered that a nft object or expression could reference a nft set on a different nft table,
    leading to a use-after-free once that table was deleted. (CVE-2022-2586)

  - It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old
    filter from the hashtable before freeing it if its handle had the value 0. (CVE-2022-2588)

  - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets
    are in the intended state. (CVE-2022-28893)

  - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init
    (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different
    vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an
    unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data
    in net/netfilter/nf_tables_api.c. (CVE-2022-34918)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5562-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34918");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-bluefield");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-gkeop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-raspi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1080-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1081-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1083-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1089-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-124-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-124-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-124-lowlatency");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '18.04': {
    '5.4.0': {
      'generic': '5.4.0-124',
      'generic-lpae': '5.4.0-124',
      'lowlatency': '5.4.0-124',
      'ibm': '5.4.0-1031',
      'gkeop': '5.4.0-1051',
      'raspi': '5.4.0-1068',
      'gke': '5.4.0-1080',
      'oracle': '5.4.0-1081',
      'aws': '5.4.0-1083',
      'gcp': '5.4.0-1086',
      'azure': '5.4.0-1089'
    }
  },
  '20.04': {
    '5.4.0': {
      'generic': '5.4.0-124',
      'generic-lpae': '5.4.0-124',
      'lowlatency': '5.4.0-124',
      'ibm': '5.4.0-1031',
      'bluefield': '5.4.0-1044',
      'gkeop': '5.4.0-1051',
      'raspi': '5.4.0-1068',
      'kvm': '5.4.0-1073',
      'gke': '5.4.0-1080',
      'oracle': '5.4.0-1081',
      'aws': '5.4.0-1083',
      'gcp': '5.4.0-1086',
      'azure': '5.4.0-1089'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5562-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1048', 'CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-1734', 'CVE-2022-1974', 'CVE-2022-1975', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-28893', 'CVE-2022-34918');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5562-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxlinux-image-5.4.0-1031-ibmp-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-ibm
canonicalubuntu_linuxlinux-image-5.4.0-1044-bluefieldp-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-bluefield
canonicalubuntu_linuxlinux-image-5.4.0-1051-gkeopp-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-gkeop
canonicalubuntu_linuxlinux-image-5.4.0-1068-raspip-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-raspi
canonicalubuntu_linuxlinux-image-5.4.0-1073-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-kvm
canonicalubuntu_linuxlinux-image-5.4.0-1080-gkep-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1080-gke
canonicalubuntu_linuxlinux-image-5.4.0-1081-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1081-oracle
canonicalubuntu_linuxlinux-image-5.4.0-1083-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1083-aws
Rows per page:
1-10 of 151

Related

nessus 59
osv 13
openvas 24
ubuntu 14
ubuntucve 7
cve 8
prion 6
debiancve 7
mageia 2
oraclelinux 2
redos 3
photon 4
fedora 2
suse 3
cbl_mariner 9
veracode 6
redhatcve 6
githubexploit 9
zdt 1
metasploit 1
packetstorm 1
redhat 9
f5 1
zdi 1
debian 1
nessus
nessus
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)
2022-08-25 00:00:00
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5560-1)
2022-08-10 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5544-1)
2022-08-02 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-08-10 14:30:41
linux-azure-fde vulnerabilities
2022-08-25 03:58:20
linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-08-10 11:17:35
openvas
openvas
Ubuntu: Security Advisory (USN-5562-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5582-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5560-1)
2022-08-26 00:00:00
ubuntu
ubuntu
Linux kernel (Azure CVM) vulnerabilities
2022-08-25 00:00:00
Linux kernel vulnerabilities
2022-08-10 00:00:00
Linux kernel vulnerabilities
2022-08-10 00:00:00
ubuntucve
ubuntucve
CVE-2022-34918
2022-07-04 00:00:00
CVE-2022-28893
2022-04-11 00:00:00
CVE-2022-2586
2022-08-09 00:00:00
cve
cve
CVE-2022-34918
2022-07-04 21:15:00
CVE-2022-28893
2022-04-11 05:15:00
CVE-2022-2586
2024-01-08 18:15:44
prion
prion
Type confusion
2022-07-04 21:15:00
Code injection
2022-04-11 05:15:00
Design/Logic Flaw
2024-01-08 18:15:00
debiancve
debiancve
CVE-2022-34918
2022-07-04 21:15:00
CVE-2022-28893
2022-04-11 05:15:00
CVE-2022-32250
2022-06-02 21:15:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-08-26 00:21:07
Updated kernel-linus packages fix security vulnerabilities
2022-08-26 00:21:07
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-09-21 00:00:00
Unbreakable Enterprise kernel-container security update
2022-09-21 00:00:00
redos
redos
ROS-20220908-01
2022-09-08 00:00:00
ROS-20220516-07
2022-05-16 00:00:00
ROS-20220619-01
2022-06-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0226
2022-08-10 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0506
2022-08-10 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0226
2022-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: kernel-5.18.17-200.fc36
2022-08-14 02:39:58
[SECURITY] Fedora 35 Update: kernel-5.18.17-100.fc35
2022-08-14 03:02:16
suse
suse
Security update for the Linux Kernel (important)
2022-06-24 00:00:00
Security update for the Linux Kernel (important)
2022-09-01 00:00:00
Security update for the Linux Kernel (important)
2022-06-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-28893 affecting package kernel 5.15.37.1-2
2022-06-03 17:54:27
CVE-2022-34918 affecting package kernel 5.15.48.1-4
2022-08-03 21:15:19
CVE-2022-28893 affecting package kernel 5.10.116.1-1
2022-06-15 17:03:30
veracode
veracode
Use-After-Free
2022-09-16 19:36:00
Privilege Escalation
2022-09-16 19:39:12
Denial Of Service (DoS)
2022-09-16 19:53:28
redhatcve
redhatcve
CVE-2022-28893
2022-04-11 19:44:39
CVE-2022-34918
2022-07-06 09:06:11
CVE-2022-32250
2022-06-07 02:30:38
githubexploit
githubexploit
Exploit for Type Confusion in Linux Linux Kernel
2022-07-24 14:47:40
Exploit for Type Confusion in Linux Linux Kernel
2022-07-25 06:13:41
Exploit for Type Confusion in Linux Linux Kernel
2022-08-02 09:52:02
zdt
zdt
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation Exploit
2022-09-28 00:00:00
metasploit
metasploit
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
2022-07-20 11:51:22
packetstorm
packetstorm
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
2022-09-28 00:00:00
redhat
redhat
(RHSA-2022:6592) Important: kpatch-patch security update
2022-09-20 11:37:42
(RHSA-2022:5641) Important: kpatch-patch security update
2022-07-19 15:16:32
(RHSA-2022:6075) Important: kpatch-patch security update
2022-08-16 10:20:20
f5
f5
K000133447 : Linux kernel vulnerability CVE-2022-32250
2023-04-11 00:00:00
zdi
zdi
Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability
2023-12-20 00:00:00
debian
debian
[SECURITY] [DSA 5161-1] linux security update
2022-06-11 09:15:06

8.3 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-5562-1.NASL
nessus59osv13openvas24ubuntu14ubuntucve7cve8prion6debiancve7mageia2oraclelinux2redos3photon4fedora2suse3cbl_mariner9veracode6redhatcve6githubexploit9zdt1metasploit1packetstorm1redhat9f51zdi1debian1