Search...

Fedora Update for kernel-tools FEDORA-2019-1e8a4c6958

2019-05-07T00:00:00

ID OPENVAS:1361412562310876315
Type openvas
Reporter Copyright (C) 2019 Greenbone Networks GmbH
Modified 2020-02-03T00:00:00

Description

The remote host is missing an update for the

                                        
                                            # Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.876315");
  script_version("2020-02-03T08:05:42+0000");
  script_cve_id("CVE-2019-9500");
  script_tag(name:"cvss_base", value:"7.9");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)");
  script_tag(name:"creation_date", value:"2019-05-07 02:44:10 +0000 (Tue, 07 May 2019)");
  script_name("Fedora Update for kernel-tools FEDORA-2019-1e8a4c6958");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC29");

  script_xref(name:"FEDORA", value:"2019-1e8a4c6958");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQCWYNXJMONKRGQZ4INRHSYQBMGD2LJX");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel-tools'
  package(s) announced via the FEDORA-2019-1e8a4c6958 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This package contains the tools/ directory from the kernel source
and the supporting documentation.");

  script_tag(name:"affected", value:"'kernel-tools' package(s) on Fedora 29.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC29") {

  if(!isnull(res = isrpmvuln(pkg:"kernel-tools", rpm:"kernel-tools~5.0.9~200.fc29", rls:"FC29"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310876315", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for kernel-tools FEDORA-2019-1e8a4c6958", "description": "The remote host is missing an update for the ", "published": "2019-05-07T00:00:00", "modified": "2020-02-03T00:00:00", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876315", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["2019-1e8a4c6958", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQCWYNXJMONKRGQZ4INRHSYQBMGD2LJX"], "cvelist": ["CVE-2019-9500"], "lastseen": "2020-02-03T17:12:17", "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-9500"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2019-2600.NASL", "FEDORA_2019-E84F6C34DA.NASL", "FEDORA_2019-1E8A4C6958.NASL", "ORACLELINUX_ELSA-2019-2600.NASL", "REDHAT-RHSA-2019-2945.NASL", "SL_20190903_KERNEL_ON_SL7_X.NASL", "REDHAT-RHSA-2019-4168.NASL", "REDHAT-RHSA-2019-2600.NASL", "FEDORA_2019-1B986880EA.NASL", "REDHAT-RHSA-2019-4171.NASL"]}, {"type": "redhat", "idList": ["RHSA-2019:2703", "RHSA-2019:2600", "RHSA-2019:3217", "RHSA-2019:2741", "RHSA-2019:4168", "RHSA-2019:4171", "RHSA-2019:2945", "RHSA-2019:2609"]}, {"type": "fedora", "idList": ["FEDORA:3FF78605E21A", "FEDORA:22F34600CBDE", "FEDORA:89C9C6051B3A", "FEDORA:F12996087537", "FEDORA:85FBF6076011", "FEDORA:405AE605F20B", "FEDORA:3486E60876B3", "FEDORA:0C56A6076013", "FEDORA:0EBE0612DECF", "FEDORA:690DE6022BA8"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844004", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310852870", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310875638", "OPENVAS:1361412562310883107", "OPENVAS:1361412562310875575", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310875579"]}, {"type": "centos", "idList": ["CESA-2019:2600"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5715", "ELSA-2019-2703", "ELSA-2019-2600"]}, {"type": "mscve", "idList": ["MS:ADV190017"]}, {"type": "cert", "idList": ["VU:166939"]}, {"type": "attackerkb", "idList": ["AKB:E144DDF5-BA54-49FB-B30B-34FF2B8B7F5E"]}, {"type": "amazon", "idList": ["ALAS-2019-1214", "ALAS2-2019-1214"]}, {"type": "ubuntu", "idList": ["USN-3980-2", "USN-3981-2", "USN-3979-1", "USN-3980-1", "USN-3981-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1479-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4465-1:304F1", "DEBIAN:DLA-1824-1:6789E"]}], "modified": "2020-02-03T17:12:17", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-02-03T17:12:17", "rev": 2}, "vulnersScore": 7.6}, "pluginID": "1361412562310876315", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876315\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-9500\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:44:10 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-1e8a4c6958\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1e8a4c6958\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQCWYNXJMONKRGQZ4INRHSYQBMGD2LJX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-tools'\n package(s) announced via the FEDORA-2019-1e8a4c6958 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the tools/ directory from the kernel source\nand the supporting documentation.\");\n\n script_tag(name:\"affected\", value:\"'kernel-tools' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~5.0.9~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Fedora Local Security Checks"}

{"cve": [{"lastseen": "2021-02-02T07:13:06", "description": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-01-16T21:15:00", "title": "CVE-2019-9500", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9500"], "modified": "2020-01-29T15:19:00", "cpe": ["cpe:/a:broadcom:brcmfmac_driver:-"], "id": "CVE-2019-9500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9500", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:broadcom:brcmfmac_driver:-:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-30T05:38:23", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [HPEMC 7.7 BUG] Protect against concurrent calls into UV BIOS\n(BZ#1720367)\n\n* A cluster node has multiple hung 'mv' processes that are accessing a\ngfs2 filesystem. (BZ#1721911)\n\n* alua messages flooding serial console leading to cluster failover\ndelays (BZ#1754849)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755329)\n\n* kernel build: speed up module compression step (BZ#1755338)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755782)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757756)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759446)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n(BZ#1772810)", "edition": 18, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-12-12T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:4168)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "modified": "2019-12-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-4168.NASL", "href": "https://www.tenable.com/plugins/nessus/131982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4168. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131982);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:4168\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:4168)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [HPEMC 7.7 BUG] Protect against concurrent calls into UV BIOS\n(BZ#1720367)\n\n* A cluster node has multiple hung 'mv' processes that are accessing a\ngfs2 filesystem. (BZ#1721911)\n\n* alua messages flooding serial console leading to cluster failover\ndelays (BZ#1754849)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755329)\n\n* kernel build: speed up module compression step (BZ#1755338)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755782)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757756)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759446)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n(BZ#1772810)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4168\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4168\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-abi-whitelists-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-doc-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.41.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-30T05:38:23", "description": "An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix :\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-12-12T00:00:00", "title": "RHEL 7 : kpatch-patch (RHSA-2019:4171)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "modified": "2019-12-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2"], "id": "REDHAT-RHSA-2019-4171.NASL", "href": "https://www.tenable.com/plugins/nessus/131983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4171. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:4171\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2019:4171)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix :\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4171\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_35_1-1-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_35_1-debuginfo-1-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_35_2-1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_35_2-debuginfo-1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_1-1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_1-debuginfo-1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_2-1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_2-debuginfo-1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_3-1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-957_38_3-debuginfo-1-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kpatch-patch-3_10_0-957_35_1 / etc\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:29:19", "description": "The 5.0.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-04-25T00:00:00", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-1e8a4c6958)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2019-1E8A4C6958.NASL", "href": "https://www.tenable.com/plugins/nessus/124284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1e8a4c6958.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124284);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"FEDORA\", value:\"2019-1e8a4c6958\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-1e8a4c6958)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1e8a4c6958\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-1e8a4c6958\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.0.9-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.0.9-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.0.9-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:37:22", "description": "The 5.0.9 update contains a number of important fixes across the tree.\nIt also works around a [significant\nbug](https://bugzilla.redhat.com/show_bug.cgi?id=1697591) which\nprevents X from running on some Intel graphics hardware.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-02T00:00:00", "title": "Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e84f6c34da)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2019-E84F6C34DA.NASL", "href": "https://www.tenable.com/plugins/nessus/124552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e84f6c34da.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124552);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"FEDORA\", value:\"2019-e84f6c34da\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e84f6c34da)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.9 update contains a number of important fixes across the tree.\nIt also works around a [significant\nbug](https://bugzilla.redhat.com/show_bug.cgi?id=1697591) which\nprevents X from running on some Intel graphics hardware.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e84f6c34da\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1697591\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-e84f6c34da\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.0.9-301.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.0.9-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-tools-5.0.9-300.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:29:15", "description": "The 5.0.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-04-26T00:00:00", "title": "Fedora 28 : kernel / kernel-headers / kernel-tools (2019-1b986880ea)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-1B986880EA.NASL", "href": "https://www.tenable.com/plugins/nessus/124308", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1b986880ea.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124308);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"FEDORA\", value:\"2019-1b986880ea\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers / kernel-tools (2019-1b986880ea)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1b986880ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-1b986880ea\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-5.0.9-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-5.0.9-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-tools-5.0.9-100.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-30T05:36:10", "description": "An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity fix(es) :\n\n* If the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgements, and other related information, refer to\nthe CVE page (s) listed in the References section.", "edition": 19, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-10-02T00:00:00", "title": "RHEL 7 : kpatch-patch (RHSA-2019:2945)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-9503"], "modified": "2019-10-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo"], "id": "REDHAT-RHSA-2019-2945.NASL", "href": "https://www.tenable.com/plugins/nessus/129519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2945. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129519);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:2945\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2019:2945)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity fix(es) :\n\n* If the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgements, and other related information, refer to\nthe CVE page (s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected kpatch-patch-3_10_0-1062 and / or\nkpatch-patch-3_10_0-1062-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2945\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-1-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-debuginfo-1-2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062-debuginfo\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:47:30", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* BUG: scheduling while atomic in zswap (BZ#1737372)\n\n* kernel-rt: update to the RHEL7.7.z batch#1 source tree (BZ#1740918)", "edition": 20, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-09-04T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2019:2609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2019-2609.NASL", "href": "https://www.tenable.com/plugins/nessus/128498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2609. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128498);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:2609\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:2609)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* BUG: scheduling while atomic in zswap (BZ#1737372)\n\n* kernel-rt: update to the RHEL7.7.z batch#1 source tree (BZ#1740918)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/4329821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-1125\", \"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2609\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2609\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.1.1.rt56.1024.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:47:30", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received\nNFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)", "edition": 20, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-09-04T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:2600)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo"], "id": "REDHAT-RHSA-2019-2600.NASL", "href": "https://www.tenable.com/plugins/nessus/128495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2600. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128495);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:2600\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:2600)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received\nNFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/4329821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-1125\", \"CVE-2019-9500\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2600\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2600\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:50:37", "description": "Security Fix(es): \n\n - kernel: hw: Spectre SWAPGS gadget vulnerability\n (CVE-2019-1125) \n\n - kernel: brcmfmac heap buffer overflow in\n brcmf_wowl_nd_results (CVE-2019-9500) \n Bug Fix(es): \n\n - [mlx4] VXLAN over VLAN TCP segmentation \n\n - Race condition in /dev/sg due to missing synchronization\n causes corruption in RHV \n\n - panic handing smb2_reconnect due to a use after\n free \n\n - NFSv4.1 client stuck in infinite loop when received\n NFS4ERR_SEQ_MISORDERED error \n\n - Backport TCP follow-up for small buffers --", "edition": 9, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-09-04T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "modified": "2019-09-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"], "id": "SL_20190903_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128501);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-9500\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es): \n\n - kernel: hw: Spectre SWAPGS gadget vulnerability\n (CVE-2019-1125) \n\n - kernel: brcmfmac heap buffer overflow in\n brcmf_wowl_nd_results (CVE-2019-9500) \n Bug Fix(es): \n\n - [mlx4] VXLAN over VLAN TCP segmentation \n\n - Race condition in /dev/sg due to missing synchronization\n causes corruption in RHV \n\n - panic handing smb2_reconnect due to a use after\n free \n\n - NFSv4.1 client stuck in infinite loop when received\n NFS4ERR_SEQ_MISORDERED error \n\n - Backport TCP follow-up for small buffers --\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1909&L=SCIENTIFIC-LINUX-ERRATA&P=7226\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?956afc44\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.1.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:10:49", "description": "From Red Hat Security Advisory 2019:2600 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received\nNFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)", "edition": 20, "cvss3": {"score": 8.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-09-05T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2019-2600)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-2600.NASL", "href": "https://www.tenable.com/plugins/nessus/128513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2600 and \n# Oracle Linux Security Advisory ELSA-2019-2600 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128513);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-9500\");\n script_xref(name:\"RHSA\", value:\"2019:2600\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-2600)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2600 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received\nNFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-September/009115.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-1125\", \"CVE-2019-9500\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-2600\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.1.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.1.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2019-04-25T01:37:09", "published": "2019-04-25T01:37:09", "id": "FEDORA:0C56A6076013", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-headers-5.0.9-200.fc29", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "modified": "2019-04-25T01:37:09", "published": "2019-04-25T01:37:09", "id": "FEDORA:405AE605F20B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-tools-5.0.9-200.fc29", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "The kernel meta package ", "modified": "2019-04-25T19:34:48", "published": "2019-04-25T19:34:48", "id": "FEDORA:3FF78605E21A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: kernel-5.0.9-301.fc30", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2019-04-25T19:34:49", "published": "2019-04-25T19:34:49", "id": "FEDORA:F12996087537", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: kernel-headers-5.0.9-300.fc30", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2019-04-25T23:25:02", "published": "2019-04-25T23:25:02", "id": "FEDORA:0EBE0612DECF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: kernel-headers-5.0.9-100.fc28", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "modified": "2019-04-25T19:34:50", "published": "2019-04-25T19:34:50", "id": "FEDORA:22F34600CBDE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: kernel-tools-5.0.9-300.fc30", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "modified": "2019-04-25T23:25:02", "published": "2019-04-25T23:25:02", "id": "FEDORA:3486E60876B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: kernel-tools-5.0.9-100.fc28", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16862", "CVE-2018-16880", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3882", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9500", "CVE-2019-9857"], "description": "The kernel meta package ", "modified": "2019-04-25T01:37:08", "published": "2019-04-25T01:37:08", "id": "FEDORA:85FBF6076011", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-5.0.9-200.fc29", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16862", "CVE-2018-16880", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9857"], "description": "The kernel meta package ", "modified": "2019-05-03T03:44:13", "published": "2019-05-03T03:44:13", "id": "FEDORA:89C9C6051B3A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-5.0.10-200.fc29", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16862", "CVE-2018-16880", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2019-11091", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9857"], "description": "The kernel meta package ", "modified": "2019-05-15T16:48:45", "published": "2019-05-15T16:48:45", "id": "FEDORA:690DE6022BA8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-5.0.16-200.fc29", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-01-30T11:35:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix:\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-12-10T17:01:20", "published": "2019-12-10T15:20:12", "id": "RHSA-2019:4171", "href": "https://access.redhat.com/errata/RHSA-2019:4171", "type": "redhat", "title": "(RHSA-2019:4171) Important: kpatch-patch security update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-30T11:36:54", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [HPEMC 7.7 BUG] Protect against concurrent calls into UV BIOS (BZ#1720367)\n\n* A cluster node has multiple hung \"mv\" processes that are accessing a gfs2 filesystem. (BZ#1721911)\n\n* alua messages flooding serial console leading to cluster failover delays (BZ#1754849)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755329)\n\n* kernel build: speed up module compression step (BZ#1755338)\n\n* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755782)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757756)\n\n* OS getting restarted because of driver issue with QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759446)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772810)", "modified": "2019-12-10T17:01:19", "published": "2019-12-10T15:19:55", "id": "RHSA-2019:4168", "href": "https://access.redhat.com/errata/RHSA-2019:4168", "type": "redhat", "title": "(RHSA-2019:4168) Important: kernel security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-30T11:38:12", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500", "CVE-2019-9503"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity fix(es):\n\n* If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-01T11:41:46", "published": "2019-10-01T11:28:36", "id": "RHSA-2019:2945", "href": "https://access.redhat.com/errata/RHSA-2019:2945", "type": "redhat", "title": "(RHSA-2019:2945) Important: kpatch-patch security update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-30T11:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1125", "CVE-2019-9500"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes corruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received NFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)", "modified": "2019-09-03T19:40:42", "published": "2019-09-03T17:19:05", "id": "RHSA-2019:2600", "href": "https://access.redhat.com/errata/RHSA-2019:2600", "type": "redhat", "title": "(RHSA-2019:2600) Important: kernel security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-30T11:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1125", "CVE-2019-9500"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* BUG: scheduling while atomic in zswap (BZ#1737372)\n\n* kernel-rt: update to the RHEL7.7.z batch#1 source tree (BZ#1740918)", "modified": "2019-09-03T19:40:39", "published": "2019-09-03T17:21:16", "id": "RHSA-2019:2609", "href": "https://access.redhat.com/errata/RHSA-2019:2609", "type": "redhat", "title": "(RHSA-2019:2609) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-30T11:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10902", "CVE-2018-20856", "CVE-2019-11810", "CVE-2019-9500", "CVE-2019-9506"], "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel modules pkey and paes_s390 are not available (BZ#1719192)\n\n* pkey: Indicate old mkvp only if old and curr. mkvp are different (BZ#1720621)\n\n* System dropped into Mon running softboots Exception: 501 (Hardware Interrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi) (BZ#1737563)\n\n* kernel: jump label transformation performance (BZ#1739143)\n\n* Backport i40e MDD detection removal for PFs (BZ#1747618)", "modified": "2019-10-29T16:19:53", "published": "2019-10-29T15:35:37", "id": "RHSA-2019:3217", "href": "https://access.redhat.com/errata/RHSA-2019:3217", "type": "redhat", "title": "(RHSA-2019:3217) Important: kernel-alt security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T11:02:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19824", "CVE-2019-11487", "CVE-2019-3846", "CVE-2019-3887", "CVE-2019-9500", "CVE-2019-9503"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\n* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n* kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* BUG: scheduling while atomic in zswap (BZ#1726362)\n\n* kernel-rt: update to the RHEL8.0.z batch#3 source tree (BZ#1734475)", "modified": "2019-11-01T14:28:55", "published": "2019-09-11T20:33:02", "id": "RHSA-2019:2741", "href": "https://access.redhat.com/errata/RHSA-2019:2741", "type": "redhat", "title": "(RHSA-2019:2741) Important: kernel-rt security and bug fix update", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-10T12:47:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19824", "CVE-2019-11487", "CVE-2019-12817", "CVE-2019-3846", "CVE-2019-3887", "CVE-2019-9500", "CVE-2019-9503"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\n* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n* kernel: ppc: unrelated processes being able to read/write to each other's virtual memory (CVE-2019-12817)\n\n* kernel: Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)\n\n* kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [DELL EMC 8.0 BUG]: pciehp deadlock resulting in NVMe device not being recognized when hot plugged (BZ#1712261)\n\n* Host crashed while try to boot a compatible guest attached huge page by\"-object memory-backend-file *\"[1G-P9] (BZ#1714758)\n\n* Setting malformed authenc key will crash the system (BZ#1715335)\n\n* BUG: memory allocation failure in inode_doinit_with_dentry()/context_to_sid() (BZ#1717780)\n\n* [HPEMC 8.1 BUG] Protect against concurrent calls into UV BIOS (BZ#1724534)\n\n* PHC jumping on I350 (igb) (BZ#1726352)\n\n* aarch64 kernel missing vulnerabilities status files (BZ#1726353)\n\n* BUG: KASAN: use-after-free in skb_release_data() (BZ#1726354)\n\n* [RHEL8][PANIC][aarch64] kernel panic when loading the dme1737 module (BZ#1726355)\n\n* [RHEL8] [aarch64] Changes for BZ1672997 break kaslr (BZ#1726357)\n\n* Network fails to come up when booting with kernel 3.10.0-862.el7.x86_64, several hung tasks can be seen in logs. (BZ#1726358)\n\n* [Intel] 'cpupower frequency-set' produces unexpected results for some processors (BZ#1726360)\n\n* HDMI/DP audio: ELD not updated on hotplug event (BZ#1726361)\n\n* [mlx5_core] CX5 Adapter works not as expected when MTU is 9000, Unable to handle kernel paging request at virtual address 3ae0aafeff4b6b5a (BZ#1726372)\n\n* [DELL 8.0 Bug] - hid-multitouch 0018:1FD2:8008.0001 ,lost function from S3 resume (BZ#1727098)\n\n* [RHEL8.1 Pre Beta] [Power8] data corruption while returning from watchpoint exception handler (BZ#1733281)\n\n* RHEL8.1 pre-Beta - cacheinfo code unsafe vs LPM (BZ#1733282)\n\n* RHEL8.1 pre-Beta - [ZZ/Zeppelin] [kernel-4.18.0-100.el8.ppc64le] Hash MMU allows child to write parents process address space (BZ#1734689)", "modified": "2019-09-10T15:28:45", "published": "2019-09-10T14:36:22", "id": "RHSA-2019:2703", "href": "https://access.redhat.com/errata/RHSA-2019:2703", "type": "redhat", "title": "(RHSA-2019:2703) Important: kernel security and bug fix update", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-02-03T17:13:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875638", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2019-1e8a4c6958", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875638\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-9500\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:13:51 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-1e8a4c6958\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1e8a4c6958\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3OSAZTEWEM65TWBT3HWHISLRDIO3OUS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-1e8a4c6958 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.0.9~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:11:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310875575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875575", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2019-1b986880ea", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875575\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-9500\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-29 02:12:16 +0000 (Mon, 29 Apr 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-1b986880ea\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1b986880ea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YARCYQ5A3G7LK2BT25UP5MFZJN5T4LMS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-1b986880ea advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.0.9~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:11:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310875579", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875579", "type": "openvas", "title": "Fedora Update for kernel-tools FEDORA-2019-1b986880ea", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875579\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-9500\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-29 02:13:06 +0000 (Mon, 29 Apr 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-1b986880ea\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1b986880ea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRVAANRPGBRBBPW2GEFJAJRAPKCLCEG2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-tools'\n package(s) announced via the FEDORA-2019-1b986880ea advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the tools/ directory from the kernel source\nand the supporting documentation.\");\n\n script_tag(name:\"affected\", value:\"'kernel-tools' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~5.0.9~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:25:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-09-19T00:00:00", "id": "OPENVAS:1361412562310883107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883107", "type": "openvas", "title": "CentOS Update for bpftool CESA-2019:2600 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883107\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-9500\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:02:41 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"CentOS Update for bpftool CESA-2019:2600 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:2600\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-September/023444.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bpftool'\n package(s) announced via the CESA-2019:2600 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n * kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n * Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737380)\n\n * panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n * NFSv4.1 client stuck in infinite loop when received\nNFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n * Backport TCP follow-up for small buffers (BZ#1739130)\");\n\n script_tag(name:\"affected\", value:\"'bpftool' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~1062.1.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:24:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844009", "type": "openvas", "title": "Ubuntu Update for linux USN-3981-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844009\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\",\n \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:04 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3981-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3981-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3981-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3981-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did\nnot properly limit DMA mappings. A local attacker co ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1013-oracle\", ver:\"4.15.0-1013.15\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-gcp\", ver:\"4.15.0-1032.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1034-kvm\", ver:\"4.15.0-1034.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-raspi2\", ver:\"4.15.0-1036.38\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1038-oem\", ver:\"4.15.0-1038.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1039-aws\", ver:\"4.15.0-1039.41\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1053-snapdragon\", ver:\"4.15.0-1053.57\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic-lpae\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-lowlatency\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-snapdragon\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1039.38\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1032.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1034.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1038.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1013.16\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1036.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.1053.56\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:24:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310844012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844012", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3981-2", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844012\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\",\n \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:13 +0000 (Thu, 16 May 2019)\");\n script_name(\"Ubuntu Update for linux-azure USN-3981-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3981-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3981-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3981-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-azure' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1013-oracle\", ver:\"4.15.0-1013.15~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-gcp\", ver:\"4.15.0-1032.34~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1045-azure\", ver:\"4.15.0-1045.49\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic-lpae\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-lowlatency\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1045.49\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1032.46\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1032.46\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1013.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:23:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844006", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3980-2", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844006\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\",\n \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:02:48 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux-azure USN-3980-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3980-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3980-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3980-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.\nThis update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu\n18.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local a ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-azure' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1018-azure\", ver:\"4.18.0-1018.18~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic-lpae\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-lowlatency\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-snapdragon\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.18.0.1018.17\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:22:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-02-03T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844010", "type": "openvas", "title": "Ubuntu Update for linux USN-3980-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844010\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\",\n \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:11 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3980-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.10\");\n\n script_xref(name:\"USN\", value:\"3980-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3980-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3980-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did\nnot properly limit DMA mappings. A local attacker could ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.10.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1011-gcp\", ver:\"4.18.0-1011.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1012-kvm\", ver:\"4.18.0-1012.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1014-raspi2\", ver:\"4.18.0-1014.16\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1016-aws\", ver:\"4.18.0-1016.18\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1018-azure\", ver:\"4.18.0-1018.18\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic-lpae\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-lowlatency\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-snapdragon\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.18.0.1016.16\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.18.0.1018.19\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.18.0.1011.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.18.0.1011.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.18.0.1012.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.18.0.1014.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2019-11683", "CVE-2019-1999", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-05-17T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844004", "type": "openvas", "title": "Ubuntu Update for linux USN-3979-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844004\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\",\n \"CVE-2019-11683\", \"CVE-2019-1999\", \"CVE-2019-3874\", \"CVE-2019-3882\",\n \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:02:39 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3979-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU19\\.04\");\n\n script_xref(name:\"USN\", value:\"3979-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3979-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3979-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that the IPv4 generic receive offload (GRO) for UDP\nimplementation in the Linux kernel did not properly handle padded packets.\nA remote attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-11683)\n\nIt was discovered that a race condition existed in the Binder IPC driver\nfor the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2019-1999)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(sys ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 19.04.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-aws\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-azure\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-gcp\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-kvm\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1008-raspi2\", ver:\"5.0.0-1008.8\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-generic\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-generic-lpae\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-lowlatency\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"5.0.0.1008.5\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-12T15:12:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11085", "CVE-2018-7191", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-5489", "CVE-2013-4343", "CVE-2019-3882"], "description": "The remote host is missing an update for the ", "modified": "2020-05-11T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852870", "type": "openvas", "title": "openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1479-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852870\");\n script_version(\"2020-05-11T07:05:27+0000\");\n script_cve_id(\"CVE-2018-7191\", \"CVE-2019-11085\", \"CVE-2019-11486\", \"CVE-2019-11811\",\n \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\",\n \"CVE-2019-5489\", \"CVE-2019-9500\", \"CVE-2019-9503\", \"CVE-2013-4343\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-11 07:05:27 +0000 (Mon, 11 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:39:22 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1479-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1479-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux Kernel'\n package(s) announced via the openSUSE-SU-2019:1479-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called\n before register_netdevice. This allowed local users to cause a denial of\n service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)\n call with a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux may have allowed an authenticated user\n to potentially enable escalation of privilege via local access\n (bnc#1135278).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions\n (bnc#1133188). It was disabled by default.\n\n - CVE-2019-11811: There is a use-after-free upon attempted read access to\n /proc/ioports after the ipmi_si module is removed, related to\n drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,\n and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c kernel. There is a race condition leading to a\n use-after-free, related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory\n region in the extent tree block, which might allow local users to obtain\n sensitive information by reading uninitialized data in the filesystem\n (bnc#1135281).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n command, because a name field may not end with a '\\0' character\n (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in the vfio interface implementation\n that permits violation of the user's locked memory limit. If a device is\n bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system\n memory exhaustion and thus a denial of service (DoS). (bnc#1131416\n bnc#1131427).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed\n local attackers to observe page cache access patterns of other processes\n on the same system, potentially allowing sniffing of secret information.\n (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'the' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:38:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2600\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)\n\n* Race condition in /dev/sg due to missing synchronization causes corruption in RHV (BZ#1737380)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737382)\n\n* NFSv4.1 client stuck in infinite loop when received NFS4ERR_SEQ_MISORDERED error (BZ#1739077)\n\n* Backport TCP follow-up for small buffers (BZ#1739130)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-September/035482.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-09-18T20:39:01", "published": "2019-09-18T20:39:01", "id": "CESA-2019:2600", "href": "http://lists.centos.org/pipermail/centos-announce/2019-September/035482.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-01-30T14:33:04", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9500", "CVE-2019-1125"], "description": "[3.10.0-1062.1.1]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1062.1.1]\n- [fs] nfsv4.1: Avoid false retries when RPC calls are interrupted (Benjamin Coddington) [1739077 1732427]\n- [fs] NFS4.1 handle interrupted slot reuse from ERR_DELAY (Benjamin Coddington) [1739077 1732427]\n- [fs] nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (Benjamin Coddington) [1739077 1732427]\n- [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1737382 1702264]\n- [scsi] sg: protect against races between mmap() and SG_SET_RESERVED_SIZE (Ewan Milne) [1737380 1710533]\n- [scsi] sg: recheck MMAP_IO request length with lock held (Ewan Milne) [1737380 1710533]\n- [scsi] sg: reset 'res_in_use' after unlinking reserved array (Ewan Milne) [1737380 1710533]\n- [scsi] sg: protect accesses to 'reserved' page array (Ewan Milne) [1737380 1710533]\n- [netdrv] mlx4/en_netdev: allow offloading VXLAN over VLAN (Paolo Abeni) [1734333 1733671]\n- [netdrv] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1704879 1704880] {CVE-2019-9500}\n- [net] tcp: be more careful in tcp_fragment() (Marcelo Leitner) [1739130 1732106]\n- [documentation] Documentation: Add swapgs description to the Spectre v1 documentation (Waiman Long) [1729810 1724510] {CVE-2019-1125}\n- [documentation] Documentation: Add section about CPU vulnerabilities for Spectre (Waiman Long) [1729810 1724510] {CVE-2019-1125}\n- [x86] x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS (Waiman Long) [1729810 1724510] {CVE-2019-1125}\n- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}\n- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}\n- [x86] x86/feature: Relocate X86_FEATURE_INVPCID_SINGLE (Waiman Long) [1729810 1724510] {CVE-2019-1125}", "edition": 3, "modified": "2019-09-04T00:00:00", "published": "2019-09-04T00:00:00", "id": "ELSA-2019-2600", "href": "http://linux.oracle.com/errata/ELSA-2019-2600.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:09:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-19824", "CVE-2019-13272", "CVE-2018-12127", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-12817", "CVE-2019-11487", "CVE-2019-3846", "CVE-2019-11091", "CVE-2019-1125", "CVE-2018-12130"], "description": "- [4.18.0-80.11.1_0.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-80.11.1_0]\n- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs (Jarod Wilson) [1714475 1728992]\n- [wireless] mwifiex: fix 802.11n/WPA detection (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}\n[4.18.0-80.10.1_0]\n- [x86] x86/entry/64: Use JMP instead of JMPQ (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}\n- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}\n- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}\n- [x86] x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}\n- [x86] x86/cpufeatures: Carve out CQM features retrieval (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}\n[4.18.0-80.9.1_0]\n- [netdrv] thunderx: eliminate extra calls to put_page() for pages held for recycling (Dean Nelson) [1726354 1644011]\n- [netdrv] thunderx: enable page recycling for non-XDP case (Dean Nelson) [1726354 1644011]\n- [arm64] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off (Mark Salter) [1726357 1673068]\n- [arm64] arm64: kaslr: ensure randomized quantities are clean to the PoC (Mark Salter) [1726357 1673068]\n- [mm] powerpc/mm/64s/hash: Reallocate context ids on fork (Gustavo Duarte) [1734689 1723808] {CVE-2019-12817}\n- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Steve Best) [1733282 1720929]\n- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Steve Best) [1733282 1720929]\n- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Steve Best) [1733282 1720929]\n- [powerpc] powerpc/watchpoint: Restore NV GPRs while returning from exception (Steve Best) [1733281 1728557]\n- [hid] HID: i2c-hid: Don't reset device upon system resume (Perry Yuan) [1727098 1715385]\n- [netdrv] net/mlx5e: RX, Verify MPWQE stride size is in range (Alaa Hleihel) [1726372 1683589]\n- [sound] ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Jaroslav Kysela) [1726371 1658924] {CVE-2018-19824}\n- [sound] ALSA: hda - Enable runtime PM only for discrete GPU (Jaroslav Kysela) [1726361 1714817]\n- [cpufreq] cpufreq: intel_pstate: Ignore turbo active ratio in HWP (David Arcari) [1726360 1711970]\n- [infiniband] usnic_verbs: fix deadlock (Govindarajulu Varadarajan) [1726358 1688505]\n- [infiniband] IB/usnic: Fix locking when unregistering (Govindarajulu Varadarajan) [1726358 1688505]\n- [infiniband] IB/usnic: Fix potential deadlock (Govindarajulu Varadarajan) [1726358 1688505]\n- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]\n- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]\n- [x86] x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (Frank Ramsay) [1724534 1677695]\n- [security] selinux: overhaul sidtab to fix bug and improve performance (Ondrej Mosnacek) [1717780 1656787]\n- [security] selinux: use separate table for initial SID lookup (Ondrej Mosnacek) [1717780 1656787]\n- [security] selinux: refactor sidtab conversion (Ondrej Mosnacek) [1717780 1656787]\n- [security] selinux: Cleanup printk logging in sidtab (Ondrej Mosnacek) [1717780 1656787]\n- [security] selinux: Cleanup printk logging in services (Ondrej Mosnacek) [1717780 1656787]\n- [security] selinux: Cleanup printk logging in policydb (Ondrej Mosnacek) [1717780 1656787]\n- [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1715335 1707546]\n- [mm] mm, page_alloc: fix has_unmovable_pages for HugePages (David Gibson) [1714758 1688114]\n- [wireless] mwifiex: Abort at too short BSS descriptor element (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}\n- [wireless] mwifiex: Fix possible buffer overflows at parsing bss descriptor (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}\n- [nvme] nvme-pci: add missing unlock for reset error (Gopal Tiwari) [1712261 1703201]\n- [nvme] nvme-pci: fix rapid add remove sequence (Gopal Tiwari) [1712261 1703201]\n- [wireless] brcmfmac: add subtype check for event handling in data path (Stanislaw Gruszka) [1733895 1704684] {CVE-2019-9503}\n- [wireless] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1705385 1705386] {CVE-2019-9500}\n- [include] fs: fix kABI for struct pipe_buf_operations (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [fs] fs: prevent page refcount overflow in pipe_buf_get (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [mm] mm: prevent get_user_pages() from overflowing page refcount (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [include] mm: add 'try_get_page()' helper function (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [include] mm: make page ref count overflow check tighter and more explicit (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [fs] fuse: call pipe_buf_release() under pipe lock (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}\n- [kvm] KVM: x86: nVMX: fix x2APIC VTPR read intercept (Vitaly Kuznetsov) [1697198 1697199]\n- [kvm] KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) (Vitaly Kuznetsov) [1697198 1697199]\n[4.18.0-80.8.1_0]\n- [documentation] Documentation: Add ARM64 to kernel-parameters.rst (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: enable generic CPU vulnerabilites support (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: add sysfs vulnerability show for speculative store bypass (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Always enable ssb vulnerability detection (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: add sysfs vulnerability show for spectre-v2 (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Always enable spectre-v2 vulnerability detection (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Advertise mitigation of Spectre-v2, or lack thereof (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: add sysfs vulnerability show for meltdown (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Add sysfs vulnerability show for spectre-v1 (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Provide a command line to disable spectre_v2 mitigation (Jeremy Linton) [1726353 1640855]\n- [documentation] powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (Jeremy Linton) [1726353 1640855]\n- [documentation] Documentation: Document arm64 kpti control (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Add MIDR encoding for HiSilicon Taishan CPUs (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: capabilities: Merge duplicate Cavium erratum entries (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: Use a raw spinlock in __install_bp_hardening_cb() (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: fix SSBS sanitization (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: don't zero DIT on signal return (Jeremy Linton) [1726353 1640855]\n- [kvm] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (Jeremy Linton) [1726353 1640855]\n- [arm64] arm64: cpufeature: Detect SSBS and advertise to userspace (Jeremy Linton) [1726353 1640855]\n(Jeremy Linton) [1726353 1640855]\n- Revert: [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1726353 1640855] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}\n- [kernel] ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (Aristeu Rozanski) [1730958 1730959] {CVE-2019-13272}", "edition": 2, "modified": "2019-09-12T00:00:00", "published": "2019-09-12T00:00:00", "id": "ELSA-2019-2703", "href": "http://linux.oracle.com/errata/ELSA-2019-2703.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T23:24:23", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12768", "CVE-2019-19045", "CVE-2019-19767", "CVE-2019-18282", "CVE-2019-19057", "CVE-2019-15505", "CVE-2019-19524", "CVE-2019-19058", "CVE-2019-12819", "CVE-2019-14896", "CVE-2020-11609", "CVE-2019-20636", "CVE-2020-0543", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11599", "CVE-2019-14897", "CVE-2020-11608", "CVE-2020-11668", "CVE-2019-19537", "CVE-2019-19056"], "description": "[4.14.35-1902.303.4.1]\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n[4.14.35-1902.303.4]\n- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] \n- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] \n- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]\n[4.14.35-1902.303.3]\n- scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Maurizio Lombardi) [Orabug: 31374726] \n- scsi: target: remove boilerplate code (Maurizio Lombardi) [Orabug: 31374726] \n- KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 31352999] \n- KSPLICE: mips: signals the freezer when were coming from the entry code. (Quentin Casasnovas) [Orabug: 31352999] \n- libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351306] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897}\n- KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350457] {CVE-2020-12768}\n- Fix up usage of cfg_enable_fc4_TYPE for backport to UEK5 (Dick Kennedy) [Orabug: 31344936] \n- scsi: lpfc: Fix unexpected error messages during RSCN handling (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix port relogin failure due to GID_FT interaction (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix discovery failures when target device connectivity bounces (James Smart) [Orabug: 31344936] \n- NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357279] \n- NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357279] \n- slcan: not call free_netdev before rtnl_unlock in slcan_open (Oliver Hartkopp) [Orabug: 31314977] \n- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31314977] \n- can: slcan: Fix use-after-free Read in slcan_open (Jouni Hogander) [Orabug: 31314977] \n- slcan: Fix memory leak in error path (Jouni Hogander) [Orabug: 31314977] \n- uek-rpm: aarch64 make olddefconfig after inline spinlocks (Tom Saeger) [Orabug: 31314977] \n- config-aarch64: enable CONFIG_MPLS_IPTUNNEL and CONFIG_BPF_JIT_ALWAYS_ON (Thomas Tai) [Orabug: 31314977] \n- config-aarch64: enable ISCSI_IBFT (Thomas Tai) [Orabug: 31314977] \n- iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND (Thomas Tai) [Orabug: 31314977] \n- config-aarch64: change CONFIG_HZ and CONFIG_FRAME_WARN (Thomas Tai) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Prevent any devices access to memory without registration (Zhen Lei) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Disable default event queue logging (Rick Farrington) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons (Geetha sowjanya) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU (Linu Cherian) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use burst-polling for sync completion (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Consolidate identical timeouts (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Split arm_smmu_cmdq_issue_sync in half (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use CMD_SYNC completion MSI (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Forget about cmdq-sync interrupt (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Specialise CMD_SYNC handling (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Correct COHACC override message (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Avoid ILLEGAL setting of STE.S1STALLD and CD.S (Yisheng Xie) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Ensure we sync STE when only changing config field (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu: Remove ACPICA workarounds (Robin Murphy) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Disable default event queue logging' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Prevent any devices access to memory without registration' (Eric Snowberg) [Orabug: 31314977] \n- lib/list_sort: optimize number of calls to comparison function (George Spelvin) [Orabug: 31314977] \n- lib/list_sort: simplify and remove MAX_LIST_LENGTH_BITS (George Spelvin) [Orabug: 31314977] \n- lib/sort: avoid indirect calls to built-in swap (George Spelvin) [Orabug: 31314977] \n- lib/sort: use more efficient bottom-up heapsort variant (George Spelvin) [Orabug: 31314977] \n- lib/sort: make swap functions more generic (George Spelvin) [Orabug: 31314977] \n- KVM: arm/arm64: Only skip MMIO insn once (Andrew Jones) [Orabug: 31314977] \n- arm64: topology: divorce MC scheduling domain from core_siblings (Jeremy Linton) [Orabug: 31314977] \n- ACPI: Add PPTT to injectable table list (Jeremy Linton) [Orabug: 31314977] \n- arm64: topology: enable ACPI/PPTT based CPU topology (Jeremy Linton) [Orabug: 31314977] \n- arm64: topology: rename cluster_id (Jeremy Linton) [Orabug: 31314977] \n- drivers: base cacheinfo: Add support for ACPI based firmware tables (Jeremy Linton) [Orabug: 31314977] \n- ACPI: Enable PPTT support on ARM64 (Jeremy Linton) [Orabug: 31314977] \n- ACPI/PPTT: Add Processor Properties Topology Table parsing (Jeremy Linton) [Orabug: 31314977] \n- arm64/acpi: Create arch specific cpu to acpi id helper (Jeremy Linton) [Orabug: 31314977] \n- cacheinfo: rename of_node to fw_token (Jeremy Linton) [Orabug: 31314977] \n- drivers: base: cacheinfo: setup DT cache properties early (Jeremy Linton) [Orabug: 31314977] \n- drivers: base: cacheinfo: move cache_setup_of_node() (Jeremy Linton) [Orabug: 31314977] \n- ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA (Suman Tripathi) [Orabug: 31314977] \n- arm64: locking: Replace ticket lock implementation with qspinlock (Will Deacon) [Orabug: 31314977] \n- arm64: kconfig: Ensure spinlock fastpaths are inlined if !PREEMPT (Will Deacon) [Orabug: 31314977] \n- arm64: barrier: Implement smp_cond_load_relaxed (Will Deacon) [Orabug: 31314977] \n- PM / core: fix deferred probe breaking suspend resume order (Feng Kan) [Orabug: 31314977] \n- netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351445] \n- RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31127373] \n- uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358100]\n[4.14.35-1902.303.2]\n- KVM: x86: degrade WARN to pr_warn_ratelimited (Paolo Bonzini) [Orabug: 31333678] \n- kvm: x86/vmx: Use kzalloc for cached_vmcs12 (Tom Roeder) [Orabug: 31333678] \n- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (Liran Alon) [Orabug: 31333678] \n- net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (Navid Emamdoost) [Orabug: 31301340] {CVE-2019-19045}\n- mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222291] {CVE-2019-12819}\n- scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 31331073] \n- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Himanshu Madhani) [Orabug: 31331073] \n- nvme: Fix device removal of qla2xxx.ko causing sysfs_warn_dup() warning. (John Donnelly) [Orabug: 31322530] \n- USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317666] {CVE-2019-19537}\n- rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302707] \n- ocfs2: fix panic due to ocfs2_wq is null (Yi Li) [Orabug: 31117439] \n- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (Yang Shi) [Orabug: 30969300] \n- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 30594625] \n- NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 30594625] \n- KVM: x86: clear SMM flags before loading state while leaving SMM (Sean Christopherson) [Orabug: 31317296] \n- KVM: x86: Open code kvm_set_hflags (Sean Christopherson) [Orabug: 31317296] \n- KVM: x86: Load SMRAM in a single shot when leaving SMM (Sean Christopherson) [Orabug: 31317296] \n- scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: unregister ports after GPN_FT failure (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: dont use zero for FC4_PRIORITY_NVME (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: initialize fc4_type_priority (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a dma_pool_free() call (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove an include directive (Bart Van Assche) [Orabug: 30846292] \n- qla2xxx: Update driver version to 10.01.00.21.76.2-k (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix device connect issues in P2P configuration (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix SRB leak on switch command timeout (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Improve logging for scan thread (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Set remove flag for all VP (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Dual FCP-NVMe target port support (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: remove redundant assignment to pointer host (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: fix NPIV tear down process (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix partial flash write of MBI (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (Daniel Wagner) [Orabug: 30846292] \n- scsi: qla2xxx: Fix Nport ID display value (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix N2N link up fail (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix N2N link reset (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Optimize NPIV tear down process (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stale mem access on driver unload (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Silence fwdump template message (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stale session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stuck login session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix driver reload for ISP82xx (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix flash read for Qlogic ISPs (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a recently introduced kernel warning (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: cleanup trace buffer initialization (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a NULL pointer dereference (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous if-tests (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Report invalid mailbox status codes (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove superfluous sts_entry_* casts (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make sure that aborted commands are freed (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check secondary image if reading the primary image fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a soft reset fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check the PCI info string output buffer size (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if waiting for pending commands times out (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify a debug statement (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove dead code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if parsing the version string fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a mailbox command times out (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use strlcpy() instead of strncpy() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Report the firmware status code if a mailbox command fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous tests (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a superfluous pointer check (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qlt_lport_dump() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Reduce the number of casts in GID list code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Verify locking assumptions at runtime (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change data_dsd into an array (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a superfluous forward declaration (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove an include directive from qla_mr.c (Bart Van Assche) [Orabug: 30846292] \nheader file from qla_dsd.h (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use tabs instead of spaces for indentation (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Improve Linux kernel coding style conformance (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hang in fcport delete path (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Correct error handling during initialization failures (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix premature timer expiration (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Skip FW dump on LOOP initialization error (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use Correct index for Q-Pair array (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Replace vmalloc + memset with vzalloc (Chuhong Yuan) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unnecessary null check (YueHaibing) [Orabug: 30846292] \n- qla2xxx: remove SGI SN2 support (Christoph Hellwig) [Orabug: 30846292] \n- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: on session delete, return nvme cmd (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (Enzo Matsumiya) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hardlockup in abort command during driver remove (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NPIV handling for FC-NVMe (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Add cleanup for PCI EEH recovery (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hardirq-unsafe locking (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain loudly about reference count underflow (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check the size of firmware data structures at compile time (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Pass little-endian values to the firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 30846292] \n- qla2xxx: Fix DMA Buffer free for DIF Bundling (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unnecessary locking from the target code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove qla_tgt_cmd.released (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a command is released that is owned by the firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: target: Fix offline port handling and host reset handling (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Log the status code if a firmware command fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Uninline qla2x00_init_timer() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a set-but-not-used variable (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Update two source code comments (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Silence Successful ELS IOCB message (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix device staying in blocked state (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous casts (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (Bart Van Assche) [Orabug: 30846292] \ninclude directive (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move the port_state_str[] definition from a .h to a .c file (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Insert spaces where required (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix formatting of pointer types (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Leave a blank line after declarations (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use tabs to indent code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix FC-AL connection target discovery (Quinn Tran) [Orabug: 30846292] \n- scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (Hannes Reinecke) [Orabug: 30846292] \n- scsi: tcm_qla2xxx: Minimize #include directives (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Unregister resources in the opposite order of the registration order (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use get/put_unaligned where appropriate (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Reduce the number of forward declarations (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare local symbols static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Remove useless set memory to zero use memset() (YueHaibing) [Orabug: 30846292] \n- scsi: qla2xxx: Set remote port devloss timeout to 0 (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (Anil Gurumurthy) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanup fcport memory to prevent leak (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix fw dump corruption (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Further limit FLASH region write access from SysFS (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Increase the max_sgl_segments to 1024 (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Set the SCSI command result before calling the command done (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify conditional check again (Nathan Chancellor) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a small typo in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix comment alignment in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] \n- qla2xxx: Add 64GBIT Portspeed for Gen7 adapter (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Secure flash update support for ISP28XX (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Correction and improvement to fwdt processing (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Update flash read/write routine (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add support for multiple fwdump templates/segments (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Correctly report max/min supported speeds (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add Serdes support for ISP28XX (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add Device ID for ISP28XX (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Remove FW default template (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add fw_attr and port_no SysFS node (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: check for kstrtol() failure (Dan Carpenter) [Orabug: 30846292] \n- scsi: qla2xxx: avoid printf format warning (Arnd Bergmann) [Orabug: 30846292] \n- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Add new FW dump template entry types (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Move marker request behind QPair (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Prevent SysFS access when chip is down (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Add support for setting port speed (Anil Gurumurthy) [Orabug: 30846292] \n- scsi: qla2xxx: Prevent multiple ADISC commands per session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Check for FW started flag before aborting (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix unload when NVMe devices are configured (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Add First Burst support for FC-NVMe devices (Darren Trapp) [Orabug: 30846292] \n- scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: remove redundant null check on pointer sess (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Move debug messages before sending srb preventing panic (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: Add mode control for each physical port (Quinn Tran) [Orabug: 30846292]\n[4.14.35-1902.303.1]\n- uek-rpm/ol7/config-mips64: Enable EDAC configs (Vijay Kumar) [Orabug: 31255403] \n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263146] {CVE-2019-19057}\n- loop: set PF_MEMALLOC_NOIO for the worker thread (Mikulas Patocka) [Orabug: 31292386] \n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246301] {CVE-2019-19056}\n- MIPS: Add configs for audit (Vijay Kumar) [Orabug: 31245225] \n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 31245225] \n- media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224553] {CVE-2019-15505}\n- Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213690] {CVE-2019-19524}\n- Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200557] {CVE-2019-20636}\n- fm10k: update driver version to match out-of-tree (Jacob Keller) [Orabug: 31268827] \n- fm10k: add support for ndo_get_vf_stats operation (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing field initializers to TLV attributes) (Jacob Keller) [Orabug: 31268827] \n- fm10k: use a local variable for the frag pointer (Jacob Keller) [Orabug: 31268827] \n- fm10k: no need to check return value of debugfs_create functions (Greg Kroah-Hartman) [Orabug: 31268827] \n- fm10k: fix fm10k_get_fault_pf to read correct address (Jacob Keller) [Orabug: 31268827] \n- fm10k: convert NON_Q_VECTORS(hw) into NON_Q_VECTORS (Jacob Keller) [Orabug: 31268827] \n- fm10k: mark unused parameters with __always_unused (Jacob Keller) [Orabug: 31268827] \n- fm10k: cast page_addr to u8 * when incrementing it (Jacob Keller) [Orabug: 31268827] \n- fm10k: explicitly return 0 on success path in function (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove needless initialization of size local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove needless assignment of err local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove unnecessary variable initializer (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of the ring variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the result local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the local msg variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the local i variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the tx_buffer variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the q_idx local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of local err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of qv local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of *p local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of the err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 31268827] \n- fm10k: use struct_size() in kzalloc() (Gustavo A. R. Silva) [Orabug: 31268827] \n- fm10k: TRIVIAL cleanup of extra spacing in function comment (Jacob Keller) [Orabug: 31268827] \n- fm10k: bump driver version to match out-of-tree release (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing device IDs to the upstream driver (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix SM mailbox full condition (Ngai-Mint Kwan) [Orabug: 31268827] \n- Documentation: fm10k: Add kernel documentation (Jeff Kirsher) [Orabug: 31268827] \n- fm10k: remove ndo_poll_controller (Eric Dumazet) [Orabug: 31268827] \n- fm10k: dont protect fm10k_queue_mac_request by fm10k_host_mbx_ready (Jacob Keller) [Orabug: 31268827] \n- fm10k: warn if the stat size is unknown (Jacob Keller) [Orabug: 31268827] \n- fm10k: use macro to avoid passing the array and size separately (Jacob Keller) [Orabug: 31268827] \n- fm10k: use variadic arguments to fm10k_add_stat_strings (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce duplicate fm10k_stat macro code (Jacob Keller) [Orabug: 31268827] \n- fm10k: setup VLANs for l2 accelerated macvlan interfaces (Jacob Keller) [Orabug: 31268827] \n- fm10k: Report PCIe link properties with pcie_print_link_status() (Bjorn Helgaas) [Orabug: 31268827] \n- fm10k: bump version number (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix incorrect warning for function prototype (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix function doxygen comments (Jacob Keller) [Orabug: 31268827] \n- fm10k: clarify action when updating the VLAN table (Ngai-Mint Kwan) [Orabug: 31268827] \n- fm10k: correct typo in fm10k_pf.c (Ngai-Mint Kwan) [Orabug: 31268827] \n- fm10k: dont assume VLAN 1 is enabled (Jacob Keller) [Orabug: 31268827] \n- fm10k: stop adding VLAN 0 to the VLAN table (Jacob Keller) [Orabug: 31268827] \n- fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (Jacob Keller) [Orabug: 31268827] \n- fm10k: Fix configuration for macvlan offload (Alexander Duyck) [Orabug: 31268827] \n- fm10k: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 31268827] \n- fm10k: prefer %s and __func__ for diagnostic prints (Jacob Keller) [Orabug: 31268827] \n- fm10k: Fix misuse of net_ratelimit() (Joe Perches) [Orabug: 31268827] \n- fm10k: bump version number (Jacob Keller) [Orabug: 31268827] \n- fm10k: use the MAC/VLAN queue for VFPF MAC/VLAN requests (Jacob Keller) [Orabug: 31268827] \n- fm10k: introduce a message queue for MAC/VLAN messages (Jacob Keller) [Orabug: 31268827] \n- fm10k: use generic PM hooks instead of legacy PCIe power hooks (Jacob Keller) [Orabug: 31268827] \n- fm10k: use spinlock to implement mailbox lock (Jacob Keller) [Orabug: 31268827] \n- fm10k: prepare_for_reset() when we lose PCIe Link (Jacob Keller) [Orabug: 31268827] \n- fm10k: prevent race condition of __FM10K_SERVICE_SCHED (Jacob Keller) [Orabug: 31268827] \n- fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid divide by zero in rare cases when device is resetting (Jacob Keller) [Orabug: 31268827] \n- fm10k: dont loop while resetting VFs due to VFLR event (Jacob Keller) [Orabug: 31268827] \n- fm10k: simplify reading PFVFLRE register (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid needless delay when loading driver (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing fall through comment (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid possible truncation of q_vector->name (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix typos on fall through comments (Jacob Keller) [Orabug: 31268827] \n- fm10k: stop spurious link down messages when Tx FIFO is full (Jacob Keller) [Orabug: 31268827] \n- fm10k: Use seq_putc() in fm10k_dbg_desc_break() (Markus Elfring) [Orabug: 31268827] \n- fm10k: reschedule service event if we stall the PFSM mailbox (Jacob Keller) [Orabug: 31268827] \n- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264701]\n[4.14.35-1902.303.0]\n- uek-rpm/ol7/config-mips64-embedded: Firewalld reports error and warnings for missing config (Vijay Kumar) [Orabug: 31239302] \n- brcmfmac: add subtype check for event handling in data path (Arend van Spriel) [Orabug: 31234675] {CVE-2019-9503}\n- mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 31233810] \n- iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Navid Emamdoost) [Orabug: 31233656] {CVE-2019-19058}\n- SUNRPC: Allow soft RPC calls to time out when waiting for the XPRT_LOCK (Trond Myklebust) [Orabug: 31226553] \n- SUNRPC: Turn off throttling of RPC slots for TCP sockets (Trond Myklebust) [Orabug: 31226553] \n- NFSv4.1: Avoid false retries when RPC calls are interrupted (Trond Myklebust) [Orabug: 31226553] \n- coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (Andrea Arcangeli) [Orabug: 31222107] {CVE-2019-11599}\n- ext4: add more paranoia checking in ext4_expand_extra_isize handling (Theodore Tso) [Orabug: 31218807] {CVE-2019-19767}\n- ext4: fix use-after-free race with debug_want_extra_isize (Barret Rhoden) [Orabug: 31218807] {CVE-2019-19767}\n- media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213766] {CVE-2020-11668}\n- media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213757] {CVE-2020-11608}\n- media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200578] {CVE-2020-11609}\n- net/flow_dissector: switch to siphash (Eric Dumazet) [Orabug: 30872863] {CVE-2019-18282}\n- brcmfmac: assure SSID length from firmware is limited (Arend van Spriel) [Orabug: 30872843] {CVE-2019-9500}\n- xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31056429]", "edition": 1, "modified": "2020-06-09T00:00:00", "published": "2020-06-09T00:00:00", "id": "ELSA-2020-5715", "href": "http://linux.oracle.com/errata/ELSA-2020-5715.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-9502", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9501"], "description": "**Executive Summary**\n\nMicrosoft is aware of vulnerabilities that affect the Broadcom wireless chipset included in the Microsoft HoloLens device. The vulnerabilities could allow an unauthenticated attacker in physical proximity to cause a denial of service condition or execute code on a target system. The vulnerabilities were issued CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n\nTo address this issue, Microsoft has included the updated Broadcom firmware in the latest HoloLens update.\n\n**Recommended Actions**\n\nMicrosoft recommends that customers install the June security update for HoloLens. See the **Security Updates** table for the link to the update and more information.\n", "edition": 2, "modified": "2019-06-11T07:00:00", "id": "MS:ADV190017", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190017", "published": "2019-06-11T07:00:00", "title": "Microsoft HoloLens Remote Code Execution Vulnerabilities", "type": "mscve", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:09", "bulletinFamily": "info", "cvelist": ["CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503"], "description": "### Overview \n\nThe Broadcom `wl` driver and the open-source `brcmfmac` driver for Broadcom WiFi chipsets contain multiple vulnerabilities. The Broadcom `wl` driver is vulnerable to two heap buffer overflows, and the open-source `brcmfmac` driver is vulnerable to a frame validation bypass and a heap buffer overflow.\n\n### Description \n\nQuarkslab has [researched](<https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html>) and reported multiple vulnerabilities affecting Broadcom WiFi drivers.\n\n**Vulnerabilities in the open source **`**brcmfmac**`** driver:** \nCVE-2019-9503: If the brcmfmac driver receives a firmware event frame from a remote source, the `is_wlc_event_frame` function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. \n \nCVE-2019-9500: If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with the above frame validation bypass, can be used remotely. \n \nNOTE: The `brcmfmac` driver only works with Broadcom FullMAC chipsets. \n \n**Vulnerabilities in the Broadcom **`**wl**`** driver:** \nTwo heap buffer overflows can be triggered in the client when parsing an EAPOL message 3 during the 4-way handshake from the access point (AP). \n \nCVE-2019-9501: By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in `wlc_wpa_sup_eapol.` \n \nCVE-2019-9502: If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in `wlc_wpa_plumb_gtk.` \n \nNOTE: When the wl driver is used with SoftMAC chipsets, these vulnerabilities are triggered in the host's kernel. When a FullMAC chipset is being used, these vulnerabilities would be triggered in the chipset's firmware. \n \n--- \n \n### Impact \n\nIn the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, these vulnerabilities will result in denial-of-service conditions. \n \n--- \n \n### Solution \n\n**Apply Patches**\n\nThe brcmfmac driver has been patched to address these vulnerabilities. \n \n--- \n \nThe following workarounds can help mitigate this and other WiFi vulnerabilities: \n \n**Use Trusted Wifi** \nOnly use WiFi networks that you trust. \n \n--- \n \n### Vendor Information\n\n166939\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Affected\n\nNotified: January 11, 2019 Updated: April 12, 2019 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Broadcom Affected\n\nNotified: January 11, 2019 Updated: April 12, 2019 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Synology __ Affected\n\nNotified: April 09, 2019 Updated: April 23, 2019 \n\n**Statement Date: April 18, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease note that RT1900ac [1] employs `wpa_supplicant' for EAPOL handshakes instead of `broadcom-sta' by default, but administrators are capable of force enabling the proprietary driver. Hence, Synology considers this vulnerability has limited impact on RT1900ac. For the \"brcmfmac\" concern, RT1900ac is not affected as it employs Broadcom proprietary driver instead of the open source version.\n\n[1] <https://www.synology.com/products/RT1900ac>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.synology.com/security/advisory/Synology_SA_19_18>\n\n### Aruba Networks Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 16, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 18, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cisco __ Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 18, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCisco has evaluated these vulnerabilities and confirmed that no Cisco products are impacted. This assessment is valid for all Cisco enterprise products and Cisco Small Business products.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Extreme Networks __ Not Affected\n\nNotified: April 09, 2019 Updated: April 12, 2019 \n\n**Statement Date: April 12, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nFor VU#166939, WiNG wireless products from Extreme Networks, Inc. are not affected because we do not use the affected chipsets or drivers.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### LANCOM Systems GmbH __ Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 16, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nLANCOM Systems confirms that no LANCOM product is affected.\n\n### Palo Alto Networks Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 17, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zyxel __ Not Affected\n\nNotified: April 09, 2019 Updated: April 19, 2019 \n\n**Statement Date: April 15, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nZyxel was initially marked as Affected, this was an error, Zyxel has stated that they are not affected by these vulnerabilities.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23166939 Feedback>).\n\n### A10 Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ADTRAN Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ANTlabs Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ARRIS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AVM GmbH Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actelis Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actiontec Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aerohive Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AhnLab Inc Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AirWatch Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Akamai Technologies, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alpine Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Android Open Source Project Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Appgate Network Security Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arch Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arista Networks, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AsusTek Computer Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Atheros Communications Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Barracuda Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belden Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlackBerry Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Blue Coat Systems Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlueCat Networks, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CA Technologies Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CZ.NIC Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cambium Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ceragon Networks Inc Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Comcast Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Command Software Systems Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CoreOS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cradlepoint Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell EMC Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell SecureWorks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DesktopBSD Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Deutsche Telekom Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Devicescape Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Digi International Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EfficientIP SAS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Espressif Systems Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### European Registry for Internet Domains Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Express Logic Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F-Secure Corporation Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fastly Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Force10 Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: April 15, 2019 Updated: April 15, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Foundry Brocade Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### GNU glibc Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Geexbox Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HP Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HTC Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Honeywell Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Huawei Technologies Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Illumos Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### InfoExpress, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Interniche Technologies, inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Joyent Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lantronix Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lenovo Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### LibreSSL Unknown\n\nNotified: April 12, 2019 Updated: April 12, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Linksys Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Marvell Semiconductors Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### McAfee Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MediaTek Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Medtronic Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MetaSwitch Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Micro Focus Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microchip Technology Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MikroTik Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Miredo Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mitel Networks, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NETSCOUT Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NLnet Labs Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Netgear, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nixu Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenConnect Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenDNS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenSSL Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Paessler Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Peplink Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Philips Electronics Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PowerDNS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Pulse Secure Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QLogic Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QUALCOMM Incorporated Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quantenna Communications Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Riverbed Technologies Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Rocket RTOS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Roku Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ruckus Wireless Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Mobile Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Semiconductor Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secure64 Software Corporation Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sierra Wireless Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SmoothWall Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SonicWall Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sonos Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sophos, Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sourcefire Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TDS Telecom Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TP-LINK Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Technicolor Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Toshiba Commerce Solutions Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TrueOS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Xilinx Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zebra Technologies Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zephyr Project Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### aep NETWORKS Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### dnsmasq Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eCosCentric Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eero Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netsnmp Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### pfSense Unknown\n\nNotified: April 09, 2019 Updated: April 09, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### wolfSSL Unknown\n\nNotified: April 12, 2019 Updated: April 12, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 166 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:A/AC:H/Au:N/C:C/I:C/A:C \nTemporal | 5.3 | E:POC/RL:OF/RC:ND \nEnvironmental | 4.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html>\n * <https://lore.kernel.org/linux-wireless/1550148232-4309-1-git-send-email-arend.vanspriel@broadcom.com>\n * <https://broadcom.com/>\n * <https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f>\n * <https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff>\n\n### Acknowledgements\n\nThanks to Hugues Anguelkov during his internship at Quarkslab for reporting this vulnerability.\n\nThis document was written by Trent Novelly.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2019-9503](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-9503>), [CVE-2019-9500](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-9500>), [CVE-2019-9501](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-9501>), [CVE-2019-9502](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-9502>) \n---|--- \n**Date Public:** | 2019-04-15 \n**Date First Published:** | 2019-04-17 \n**Date Last Updated: ** | 2019-04-23 18:28 UTC \n**Document Revision: ** | 35 \n", "modified": "2019-04-23T18:28:00", "published": "2019-04-17T00:00:00", "id": "VU:166939", "href": "https://www.kb.cert.org/vuls/id/166939", "type": "cert", "title": "Broadcom WiFi chipset drivers contain multiple vulnerabilities", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2020-11-18T06:37:28", "bulletinFamily": "info", "cvelist": ["CVE-2019-15126", "CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503"], "description": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n\n \n**Recent assessments:** \n \n**busterb** at February 27, 2020 2:53pm UTC reported:\n\nThe TL;DR from the technical whitepaper found here: <https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf>\n\nIf there are outbound TX queue packets for certain common WiFi devices, and a disassociation management packet is sent, the device will clear the encryption key to all zeros, and send the remaining packet data in the queue with that hardcoded key. If an attacker can send diassociate packets and then listen for any residual data frames, they can decrypt whatever traffic remains in the TX queue on those devices, which may be a few hundred packets depending on the data rate involved.\n\nWhile this seems like a real risk, I\u2019m firmly in the camp that relying on the physical layer in the first place for data protection is misguided, and that really end-to-end security is still the only way to \u2013 Wifi has proven over and over to be a weak security boundary. By the time this is wide-spread fixed, we\u2019ll all be using DNS-over-HTTPS by force from browsers anyway. So, from an end-point consumer PoV, this isn\u2019t a big deal. Not any worse that connecting to that unencrypted hotel network you may have used earlier.\n\nSome potential future vuln predictions here: <https://twitter.com/vanhoefm/status/1232738451587555328>\n\nThinking through situations where an attacker might find this useful would be in physically accessing business-local OT networks, like point-of-sale, manufacturing, or other squishy-on-the-inside networks. Expect to see this show up in the next Wifi Pineapple release or in your next pen test physical engagement report.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 4\n", "modified": "2020-10-13T00:00:00", "published": "2020-02-05T00:00:00", "id": "AKB:E144DDF5-BA54-49FB-B30B-34FF2B8B7F5E", "href": "https://attackerkb.com/topics/tqzSAqU01x/cve-2019-15126-aka-kr00k", "type": "attackerkb", "title": "CVE-2019-15126 aka Kr00k", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11884", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-10142", "CVE-2019-5489", "CVE-2019-3882"], "description": "**Issue Overview:**\n\nA flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects. ([CVE-2019-10142 __](<https://access.redhat.com/security/cve/CVE-2019-10142>))\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. ([CVE-2019-11884 __](<https://access.redhat.com/security/cve/CVE-2019-11884>))\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw ([CVE-2019-9503 __](<https://access.redhat.com/security/cve/CVE-2019-9503>)), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. ([CVE-2019-9500 __](<https://access.redhat.com/security/cve/CVE-2019-9500>))\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. ([CVE-2019-5489 __](<https://access.redhat.com/security/cve/CVE-2019-5489>))\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). ([CVE-2019-3882 __](<https://access.redhat.com/security/cve/CVE-2019-3882>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-devel-4.14.121-85.96.amzn1.i686 \n perf-debuginfo-4.14.121-85.96.amzn1.i686 \n kernel-tools-debuginfo-4.14.121-85.96.amzn1.i686 \n perf-4.14.121-85.96.amzn1.i686 \n kernel-headers-4.14.121-85.96.amzn1.i686 \n kernel-tools-4.14.121-85.96.amzn1.i686 \n kernel-debuginfo-4.14.121-85.96.amzn1.i686 \n kernel-tools-devel-4.14.121-85.96.amzn1.i686 \n kernel-debuginfo-common-i686-4.14.121-85.96.amzn1.i686 \n kernel-4.14.121-85.96.amzn1.i686 \n \n src: \n kernel-4.14.121-85.96.amzn1.src \n \n x86_64: \n kernel-tools-devel-4.14.121-85.96.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.121-85.96.amzn1.x86_64 \n kernel-tools-4.14.121-85.96.amzn1.x86_64 \n perf-debuginfo-4.14.121-85.96.amzn1.x86_64 \n kernel-4.14.121-85.96.amzn1.x86_64 \n kernel-devel-4.14.121-85.96.amzn1.x86_64 \n kernel-headers-4.14.121-85.96.amzn1.x86_64 \n perf-4.14.121-85.96.amzn1.x86_64 \n kernel-debuginfo-4.14.121-85.96.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.121-85.96.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2019-05-29T19:35:00", "published": "2019-05-29T19:35:00", "id": "ALAS-2019-1214", "href": "https://alas.aws.amazon.com/ALAS-2019-1214.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-10142", "CVE-2019-5489", "CVE-2019-3882"], "description": "**Issue Overview:**\n\nA flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects.([CVE-2019-10142 __](<https://access.redhat.com/security/cve/CVE-2019-10142>))\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. ([CVE-2019-5489 __](<https://access.redhat.com/security/cve/CVE-2019-5489>))\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.([CVE-2019-11884 __](<https://access.redhat.com/security/cve/CVE-2019-11884>))\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).([CVE-2019-3882 __](<https://access.redhat.com/security/cve/CVE-2019-3882>))\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw ([CVE-2019-9503 __](<https://access.redhat.com/security/cve/CVE-2019-9503>)), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out.([CVE-2019-9500 __](<https://access.redhat.com/security/cve/CVE-2019-9500>))\n\nA flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. ([CVE-2019-11833 __](<https://access.redhat.com/security/cve/CVE-2019-11833>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.121-109.96.amzn2.aarch64 \n kernel-headers-4.14.121-109.96.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.121-109.96.amzn2.aarch64 \n perf-4.14.121-109.96.amzn2.aarch64 \n perf-debuginfo-4.14.121-109.96.amzn2.aarch64 \n python-perf-4.14.121-109.96.amzn2.aarch64 \n python-perf-debuginfo-4.14.121-109.96.amzn2.aarch64 \n kernel-tools-4.14.121-109.96.amzn2.aarch64 \n kernel-tools-devel-4.14.121-109.96.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.121-109.96.amzn2.aarch64 \n kernel-devel-4.14.121-109.96.amzn2.aarch64 \n kernel-debuginfo-4.14.121-109.96.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.121-109.96.amzn2.i686 \n \n src: \n kernel-4.14.121-109.96.amzn2.src \n \n x86_64: \n kernel-4.14.121-109.96.amzn2.x86_64 \n kernel-headers-4.14.121-109.96.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.121-109.96.amzn2.x86_64 \n perf-4.14.121-109.96.amzn2.x86_64 \n perf-debuginfo-4.14.121-109.96.amzn2.x86_64 \n python-perf-4.14.121-109.96.amzn2.x86_64 \n python-perf-debuginfo-4.14.121-109.96.amzn2.x86_64 \n kernel-tools-4.14.121-109.96.amzn2.x86_64 \n kernel-tools-devel-4.14.121-109.96.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.121-109.96.amzn2.x86_64 \n kernel-devel-4.14.121-109.96.amzn2.x86_64 \n kernel-debuginfo-4.14.121-109.96.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-29T18:59:00", "published": "2019-05-29T18:59:00", "id": "ALAS2-2019-1214", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1214.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu \n16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free \nvulnerability existed in the NFS41+ subsystem when multiple network \nnamespaces are in use. A local attacker in a container could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups \nsubsystem of the Linux kernel did not properly account for SCTP socket \nbuffers. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did \nnot properly limit DMA mappings. A local attacker could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel contained a heap buffer overflow. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel did not properly prevent remote firmware events from being processed \nfor USB Wifi devices. A physically proximate attacker could use this to \nsend firmware events to the device. (CVE-2019-9503)", "edition": 4, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3981-2", "href": "https://ubuntu.com/security/notices/USN-3981-2", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free \nvulnerability existed in the NFS41+ subsystem when multiple network \nnamespaces are in use. A local attacker in a container could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups \nsubsystem of the Linux kernel did not properly account for SCTP socket \nbuffers. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did \nnot properly limit DMA mappings. A local attacker could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel contained a heap buffer overflow. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel did not properly prevent remote firmware events from being processed \nfor USB Wifi devices. A physically proximate attacker could use this to \nsend firmware events to the device. (CVE-2019-9503)", "edition": 4, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3981-1", "href": "https://ubuntu.com/security/notices/USN-3981-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. \nThis update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu \n18.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free \nvulnerability existed in the NFS41+ subsystem when multiple network \nnamespaces are in use. A local attacker in a container could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups \nsubsystem of the Linux kernel did not properly account for SCTP socket \nbuffers. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did \nnot properly limit DMA mappings. A local attacker could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly restrict APIC MSR register values when nested \nvirtualization is used. An attacker in a guest vm could use this to cause a \ndenial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel contained a heap buffer overflow. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel did not properly prevent remote firmware events from being processed \nfor USB Wifi devices. A physically proximate attacker could use this to \nsend firmware events to the device. (CVE-2019-9503)", "edition": 4, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3980-2", "href": "https://ubuntu.com/security/notices/USN-3980-2", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:23:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free \nvulnerability existed in the NFS41+ subsystem when multiple network \nnamespaces are in use. A local attacker in a container could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups \nsubsystem of the Linux kernel did not properly account for SCTP socket \nbuffers. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did \nnot properly limit DMA mappings. A local attacker could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly restrict APIC MSR register values when nested \nvirtualization is used. An attacker in a guest vm could use this to cause a \ndenial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel contained a heap buffer overflow. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel did not properly prevent remote firmware events from being processed \nfor USB Wifi devices. A physically proximate attacker could use this to \nsend firmware events to the device. (CVE-2019-9503)", "edition": 5, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3980-1", "href": "https://ubuntu.com/security/notices/USN-3980-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:26:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2019-11683", "CVE-2019-1999", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that the IPv4 generic receive offload (GRO) for UDP \nimplementation in the Linux kernel did not properly handle padded packets. \nA remote attacker could use this to cause a denial of service (system \ncrash). (CVE-2019-11683)\n\nIt was discovered that a race condition existed in the Binder IPC driver \nfor the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2019-1999)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups \nsubsystem of the Linux kernel did not properly account for SCTP socket \nbuffers. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did \nnot properly limit DMA mappings. A local attacker could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly restrict APIC MSR register values when nested \nvirtualization is used. An attacker in a guest vm could use this to cause a \ndenial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel contained a heap buffer overflow. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux \nkernel did not properly prevent remote firmware events from being processed \nfor USB Wifi devices. A physically proximate attacker could use this to \nsend firmware events to the device. (CVE-2019-9503)", "edition": 4, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3979-1", "href": "https://ubuntu.com/security/notices/USN-3979-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2020-01-30T15:14:50", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503)\n\nCVEs contained in this USN include: CVE-2018-16884, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-3874, CVE-2019-3882, CVE-2019-9500, CVE-2019-9503\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.26\n * 250.x versions prior to 250.48\n * 170.x versions prior to 170.69\n * 97.x versions prior to 97.96\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.26\n * Upgrade 250.x versions to 250.48\n * Upgrade 170.x versions to 170.69\n * Upgrade 97.x versions to 97.96\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3981-2](<https://usn.ubuntu.com/3981-2>)\n * [CVE-2018-16884](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16884>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n * [CVE-2019-3874](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3874>)\n * [CVE-2019-3882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3882>)\n * [CVE-2019-9500](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9500>)\n * [CVE-2019-9503](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9503>)\n", "edition": 4, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "href": "https://www.cloudfoundry.org/blog/usn-3981-2/", "title": "USN-3981-2: Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-05-16T16:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-9003", "CVE-2018-12127", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11486", "CVE-2019-11815", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n This kernel update contains software mitigations for these issues, which\n also utilize CPU microcode updates shipped in parallel.\n\n For more information on this set of information leaks, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n The following security bugs were fixed:\n\n - CVE-2018-16880: A flaw was found in handle_rx() function in the\n vhost_net driver. A malicious virtual guest, under specific conditions,\n can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host\n which may lead to a kernel memory corruption and a system panic. Due to\n the nature of the flaw, privilege escalation cannot be fully ruled out.\n (bnc#1122767).\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has\n been disabled.\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c. There is a race condition leading to a use-after-free,\n related to net namespace cleanup (bnc#1134537).\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n command, because a name field may not end with a '\\0' character\n (bnc#1134848).\n - CVE-2019-3882: A flaw was found in vfio interface implementation that\n permits violation of the user's locked memory limit. If a device is\n bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system\n memory exhaustion and thus a denial of service (DoS). (bnc#1131416\n bnc#1131427).\n - CVE-2019-9003: Attackers can trigger a\n drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging\n for certain simultaneous execution of the code, as demonstrated by a\n "service ipmievd restart" loop (bnc#1126704).\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n was fixed (bnc#1132681).\n - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been\n fixed (bnc#1132828).\n\n The following non-security bugs were fixed:\n\n - 9p: do not trust pdu content for stat item size (bsc#1051510).\n - acpi, nfit: Prefer _DSM over _LSR for namespace label reads\n (bsc#1112128) (bsc#1132426).\n - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).\n - ALSA: core: Do not refer to snd_cards array directly (bsc#1051510).\n - ALSA: core: Fix card races between register and disconnect (bsc#1051510).\n - ALSA: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).\n - ALSA: hda - Add two more machines to the power_save_blacklist\n (bsc#1051510).\n - ALSA: hda/hdmi - Consider eld_valid when reporting jack event\n (bsc#1051510).\n - ALSA: hda/hdmi - Read the pin sense from register when repolling\n (bsc#1051510).\n - ALSA: hda: Initialize power_state field properly (bsc#1051510).\n - ALSA: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).\n - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442).\n - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO\n (bsc#1051510).\n - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB\n (bsc#1051510).\n - ALSA: hda/realtek - add two more pin configuration sets to quirk table\n (bsc#1051510).\n - ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).\n - ALSA: hda/realtek - EAPD turn on later (bsc#1051510).\n - ALSA: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).\n - ALSA: hda - Register irq handler after the chip initialization\n (bsc#1051510).\n - ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)\n (bsc#1051510).\n - ALSA: info: Fix racy addition/deletion of nodes (bsc#1051510).\n - ALSA: line6: Avoid polluting led_* namespace (bsc#1051510).\n - ALSA: line6: use dynamic buffers (bsc#1051510).\n - ALSA: PCM: check if ops are defined before suspending PCM (bsc#1051510).\n - ALSA: seq: Align temporary re-locking with irqsave version (bsc#1051510).\n - ALSA: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock()\n (bsc#1051510).\n - ALSA: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).\n - ALSA: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n - ALSA: seq: Fix race of get-subscription call vs port-delete ioctls\n (bsc#1051510).\n - ALSA: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).\n - ALSA: seq: Protect racy pool manipulation from OSS sequencer\n (bsc#1051510).\n - ALSA: seq: Remove superfluous irqsave flags (bsc#1051510).\n - ALSA: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).\n - ALSA: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).\n - ALSA: timer: Coding style fixes (bsc#1051510).\n - ALSA: timer: Make snd_timer_close() really kill pending actions\n (bsc#1051510).\n - ALSA: timer: Make sure to clear pending ack list (bsc#1051510).\n - ALSA: timer: Revert active callback sync check at close (bsc#1051510).\n - ALSA: timer: Simplify error path in snd_timer_open() (bsc#1051510).\n - ALSA: timer: Unify timer callback process code (bsc#1051510).\n - ALSA: usb-audio: Fix a memory leak bug (bsc#1051510).\n - ALSA: usb-audio: Handle the error from\n snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n - ALSA: usx2y: fix a double free bug (bsc#1051510).\n - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).\n - ASoC: fix valid stream condition (bsc#1051510).\n - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe\n (bsc#1051510).\n - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).\n - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).\n - ASoC: nau8824: fix the issue of the widget with prefix name\n (bsc#1051510).\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).\n - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate\n (bsc#1051510).\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).\n - ASoC: stm32: fix sai driver name initialisation (bsc#1051510).\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n - ASoC: topology: free created components in tplg load error (bsc#1051510).\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).\n - assume flash part size to be 4MB, if it can't be determined\n (bsc#1127371).\n - at76c50x-usb: Do not register led_trigger if usb_register_driver failed\n (bsc#1051510).\n - ath10k: avoid possible string overflow (bsc#1051510).\n - audit: fix a memleak caused by auditing load module (bsc#1051510).\n - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).\n - batman-adv: Reduce claim hash refcnt only for removed entry\n (bsc#1051510).\n - batman-adv: Reduce tt_global hash refcnt only for removed entry\n (bsc#1051510).\n - batman-adv: Reduce tt_local hash refcnt only for removed entry\n (bsc#1051510).\n - bcache: account size of buckets used in uuid write to\n ca->meta_sectors_written (bsc#1130972).\n - bcache: add a comment in super.c (bsc#1130972).\n - bcache: add code comments for bset.c (bsc#1130972).\n - bcache: add comment for cache_set->fill_iter (bsc#1130972).\n - bcache: add identifier names to arguments of function definitions\n (bsc#1130972).\n - bcache: add missing SPDX header (bsc#1130972).\n - bcache: add MODULE_DESCRIPTION information (bsc#1130972).\n - bcache: add separate workqueue for journal_write to avoid deadlock\n (bsc#1130972).\n - bcache: add static const prefix to char * array declarations\n (bsc#1130972).\n - bcache: add sysfs_strtoul_bool() for setting bit-field variables\n (bsc#1130972).\n - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).\n - bcache: cannot set writeback_running via sysfs if no writeback kthread\n created (bsc#1130972).\n - bcache: correct dirty data statistics (bsc#1130972).\n - bcache: do not assign in if condition in bcache_init() (bsc#1130972).\n - bcache: do not assign in if condition register_bcache() (bsc#1130972).\n - bcache: do not check if debug dentry is ERR or NULL explicitly on remove\n (bsc#1130972).\n - bcache: do not check NULL pointer before calling kmem_cache_destroy\n (bsc#1130972).\n - bcache: do not clone bio in bch_data_verify (bsc#1130972).\n - bcache: do not mark writeback_running too early (bsc#1130972).\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n - bcache: fix code comments style (bsc#1130972).\n - bcache: fix indentation issue, remove tabs on a hunk of code\n (bsc#1130972).\n - bcache: fix indent by replacing blank by tabs (bsc#1130972).\n - bcache: fix input integer overflow of congested threshold (bsc#1130972).\n - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).\n - bcache: fix input overflow to cache set sysfs file io_error_halflife\n (bsc#1130972).\n - bcache: fix input overflow to journal_delay_ms (bsc#1130972).\n - bcache: fix input overflow to sequential_cutoff (bsc#1130972).\n - bcache: fix input overflow to writeback_delay (bsc#1130972).\n - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).\n - bcache: fix ioctl in flash device (bsc#1130972).\n - bcache: fix mistaken code comments in bcache.h (bsc#1130972).\n - bcache: fix mistaken comments in request.c (bsc#1130972).\n - bcache: fix potential div-zero error of writeback_rate_i_term_inverse\n (bsc#1130972).\n - bcache: fix potential div-zero error of writeback_rate_p_term_inverse\n (bsc#1130972).\n - bcache: fix typo in code comments of closure_return_with_destructor()\n (bsc#1130972).\n - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n - bcache: make cutoff_writeback and cutoff_writeback_sync tunable\n (bsc#1130972).\n - bcache: Move couple of functions to sysfs.c (bsc#1130972).\n - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).\n - bcache: move open brace at end of function definitions to next line\n (bsc#1130972).\n - bcache: never writeback a discard operation (bsc#1130972).\n - bcache: not use hard coded memset size in bch_cache_accounting_clear()\n (bsc#1130972).\n - bcache: option to automatically run gc thread after writeback\n (bsc#1130972).\n - bcache: panic fix for making cache device (bsc#1130972).\n - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).\n - bcache: recal cached_dev_sectors on detach (bsc#1130972).\n - bcache: remove unnecessary space before ioctl function pointer arguments\n (bsc#1130972).\n - bcache: remove unused bch_passthrough_cache (bsc#1130972).\n - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).\n - bcache: Replace bch_read_string_list() by __sysfs_match_string()\n (bsc#1130972).\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).\n - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).\n - bcache: replace printk() by pr_*() routines (bsc#1130972).\n - bcache: replace Symbolic permissions by octal permission numbers\n (bsc#1130972).\n - bcache: set writeback_percent in a flexible range (bsc#1130972).\n - bcache: split combined if-condition code into separate ones\n (bsc#1130972).\n - bcache: stop bcache device when backing device is offline (bsc#1130972).\n - bcache: stop using the deprecated get_seconds() (bsc#1130972).\n - bcache: style fixes for lines over 80 characters (bsc#1130972).\n - bcache: style fix to add a blank line after declarations (bsc#1130972).\n - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).\n - bcache: treat stale && dirty keys as bad keys (bsc#1130972).\n - bcache: trivial - remove tailing backslash in macro BTREE_FLAG\n (bsc#1130972).\n - bcache: update comment for bch_data_insert (bsc#1130972).\n - bcache: update comment in sysfs.c (bsc#1130972).\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in\n __bch_bucket_alloc_set (bsc#1130972).\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata\n (bsc#1130972).\n - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).\n - bcache: use routines from lib/crc64.c for CRC64 calculation\n (bsc#1130972).\n - bcache: use sysfs_strtoul_bool() to set bit-field variables\n (bsc#1130972).\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n - blkcg: Make blkg_root_lookup() work for queues in bypass mode\n (bsc#1131673).\n - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues\n (bsc#1131673).\n - blk-mq: Avoid that submitting a bio concurrently with device removal\n triggers a crash (bsc#1131673).\n - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs\n (bsc#1131673).\n - blk-mq: fallback to previous nr_hw_queues when updating fails\n (bsc#1131673).\n - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).\n - blk-mq: realloc hctx when hw queue is mapped to another node\n (bsc#1131673).\n - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter\n (bsc#1131673).\n - block: check_events: do not bother with events if unsupported\n (bsc#1110946, bsc#1119843).\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n - block: Ensure that a request queue is dissociated from the cgroup\n controller (bsc#1131673).\n - block: Fix a race between request queue removal and the block cgroup\n controller (bsc#1131673).\n - block: Introduce blk_exit_queue() (bsc#1131673).\n - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).\n - block: remove bio_rewind_iter() (bsc#1131673).\n - bluetooth: Align minimum encryption key size for LE and BR/EDR\n connections (bsc#1051510).\n - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).\n - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt\n (bsc#1051510).\n - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()\n (bsc#1133731).\n - bluetooth: hidp: fix buffer overflow (bsc#1051510).\n - bnxt_en: Drop oversize TX packets to prevent errors\n (networking-stable-19_03_07).\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n - bpf: fix use after free in bpf_evict_inode (bsc#1083647).\n - brcm80211: potential NULL dereference in\n brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n - btrfs: add a helper to return a head ref (bsc#1134813).\n - btrfs: Avoid possible qgroup_rsv_size overflow in\n btrfs_calculate_inode_block_rsv_size (git-fixes).\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n - btrfs: check for refs on snapshot delete resume (bsc#1131335).\n - btrfs: delayed-ref: Introduce better documented delayed ref structures\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: Do not panic when we can't find a root key (bsc#1112063).\n - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n - btrfs: fix assertion failure on fsync with NO_HOLES enabled\n (bsc#1131848).\n - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).\n - btrfs: fix incorrect file size after shrinking truncate and fsync\n (bsc#1130195).\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head\n to btrfs_qgroup_extent_record (bsc#1134162).\n - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release\n (bsc#1134160).\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n - btrfs: save drop_progress if we drop refs at all (bsc#1131336).\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n - cgroup: fix parsing empty mount option string (bsc#1133094).\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).\n - cifs: do not dereference smb_file_target before null check (bsc#1051510).\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510).\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510).\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510).\n - cifs: Fix credit calculation for encrypted reads with errors\n (bsc#1051510).\n - cifs: Fix credits calculations for reads with errors (bsc#1051510).\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).\n - cifs: Fix potential OOB access of lock element array (bsc#1051510).\n - cifs: Fix read after write for files with read caching (bsc#1051510).\n - clk: fractional-divider: check parent rate only if flag is set\n (bsc#1051510).\n - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).\n - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).\n - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).\n - clk: x86: Add system specific quirk to mark clocks as critical\n (bsc#1051510).\n - cpupowerutils: bench - Fix cpu online check (bsc#1051510).\n - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).\n - crypto: arm/aes-neonbs - do not access already-freed walk.iv\n (bsc#1051510).\n - crypto: caam - add missing put_device() call (bsc#1129770).\n - crypto: ccm - fix incompatibility between "ccm" and "ccm_base"\n (bsc#1051510).\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails\n (bsc#1051510).\n - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).\n - crypto: crct10dif-generic - fix use via crypto_shash_digest()\n (bsc#1051510).\n - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).\n - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).\n - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"\n (bsc#1051510).\n - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).\n - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).\n - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).\n - crypto: skcipher - do not WARN on unprocessed data after slow walk step\n (bsc#1051510).\n - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).\n - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()\n (bsc#1051510).\n - crypto: x86/poly1305 - fix overflow during partial reduction\n (bsc#1051510).\n - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick\n (bsc#1127371).\n - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371).\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n - cxgb4: add per rx-queue counter for packet errors (bsc#1127371).\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).\n - cxgb4: add support to display DCB info (bsc#1127371).\n - cxgb4: Add support to read actual provisioned resources (bsc#1127371).\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).\n - cxgb4: convert flower table to use rhashtable (bsc#1127371).\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability\n (bsc#1127371).\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac()\n (bsc#1127371).\n - cxgb4: display number of rx and tx pages free (bsc#1127371).\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).\n - cxgb4: Mask out interrupts that are not enabled (bsc#1127175).\n - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).\n - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm\n (bsc#1127371).\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).\n - cxgb4: remove the unneeded locks (bsc#1127371).\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n - cxgb4: Support ethtool private flags (bsc#1127371).\n - cxgb4: update supported DCB version (bsc#1127371).\n - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).\n - cxgb4vf: Few more link management changes (bsc#1127374).\n - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).\n - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).\n - device_cgroup: fix RCU imbalance in error case (bsc#1051510).\n - Disable kgdboc failed by echo space to\n /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n - dmaengine: axi-dmac: Do not check the number of frames for alignment\n (bsc#1051510).\n - dmaengine: imx-dma: fix warning comparison of distinct pointer types\n (bsc#1051510).\n - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid\n (bsc#1051510).\n - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).\n - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).\n - dm: disable DISCARD if the underlying storage no longer supports it\n (bsc#1114638).\n - drivers: hv: vmbus: Offload the handling of channels to two workqueues\n (bsc#1130567).\n - drivers: hv: vmbus: Reset the channel callback in\n vmbus_onoffer_rescind() (bsc#1130567).\n - drm: Auto-set allow_fb_modifiers when given modifiers at plane init\n (bsc#1051510).\n - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs\n (bsc#1113722)\n - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers\n (bsc#1051510).\n - drm/fb-helper: dpms_legacy(): Only set on connectors in use\n (bsc#1051510).\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n - drm/i915/gvt: do not deliver a workload if its creation fails\n (bsc#1051510).\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list\n (bnc#1113722)\n - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check\n (bsc#1051510).\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()\n (bsc#1113722)\n - drm/mediatek: fix possible object reference leak (bsc#1051510).\n - drm/meson: add size and alignment requirements for dumb buffers\n (bnc#1113722)\n - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510).\n - drm/meson: Uninstall IRQ handler (bsc#1051510).\n - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).\n - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).\n - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind\n (bsc#1113722)\n - drm/sun4i: Fix component unbinding and component master deletion\n (bsc#1113722)\n - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)\n - drm/sun4i: Set device driver data at bind time for use in unbind\n (bsc#1113722)\n - drm/sun4i: Unbind components before releasing DRM and memory\n (bsc#1113722)\n - drm/ttm: Remove warning about inconsistent mapping information\n (bnc#1131488)\n - drm/udl: add a release method and delay modeset teardown (bsc#1085536)\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit\n (networking-stable-19_02_20).\n - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings\n (bsc#1129770).\n - dwc2: gadget: Fix completed transfer size calculation in DDMA\n (bsc#1051510).\n - e1000e: fix cyclic resets at link up with active tx (bsc#1051510).\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n - ext2: Fix underflow in ext2_max_size() (bsc#1131174).\n - ext4: add mask of ext4 flags to swap (bsc#1131170).\n - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176).\n - ext4: brelse all indirect buffer in ext4_ind_remove_space()\n (bsc#1131173).\n - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).\n - ext4: cleanup pagecache before swap i_data (bsc#1131178).\n - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177).\n - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172).\n - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180).\n - ext4: fix NULL pointer dereference while journal is aborted\n (bsc#1131171).\n - ext4: update quota information while swapping boot loader inode\n (bsc#1131179).\n - fbdev: fbmem: fix memory access if logo is bigger than the screen\n (bsc#1051510).\n - fix cgroup_do_mount() handling of failure exits (bsc#1133095).\n - Fix kabi after "md: batch flush requests." (bsc#1119680).\n - Fix struct page kABI after adding atomic for ppc (bsc#1131326,\n bsc#1108937).\n - fm10k: Fix a potential NULL pointer dereference (bsc#1051510).\n - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range()\n (bsc#1132384, bsc#1132219).\n - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).\n - futex: Cure exit race (bsc#1050549).\n - futex: Ensure that futex address is aligned in handle_futex_death()\n (bsc#1050549).\n - futex: Handle early deadlock return correctly (bsc#1050549).\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input\n (bsc#1051510).\n - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).\n - gpio: gpio-omap: fix level interrupt idling (bsc#1051510).\n - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).\n - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).\n - hid: debug: fix race condition with between rdesc_show() and device\n removal (bsc#1051510).\n - hid: i2c-hid: Ignore input report if there's no data present on Elan\n touchpanels (bsc#1133486).\n - hid: input: add mapping for Assistant key (bsc#1051510).\n - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).\n - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR\n busy_clear bit (bsc#1051510).\n - hid: logitech: check the return value of create_singlethread_workqueue\n (bsc#1051510).\n - hv_netvsc: Fix IP header checksum for coalesced packets\n (networking-stable-19_03_07).\n - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwrng: virtio - Avoid repeated init of completion (bsc#1051510).\n - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).\n - ibmvnic: Enable GRO (bsc#1132227).\n - ibmvnic: Fix completion structure initialization (bsc#1131659).\n - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).\n - iio: adc: at91: disable adc channel interrupt in timeout case\n (bsc#1051510).\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).\n - iio: ad_sigma_delta: select channel when reading register (bsc#1051510).\n - iio: core: fix a possible circular locking dependency (bsc#1051510).\n - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).\n - iio: dac: mcp4725: add missing powerdown bits in store eeprom\n (bsc#1051510).\n - iio: Fix scan mask selection (bsc#1051510).\n - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n - Input: introduce KEY_ASSISTANT (bsc#1051510).\n - Input: snvs_pwrkey - initialize necessary driver data before enabling\n IRQ (bsc#1051510).\n - Input: synaptics-rmi4 - write config register values to the right offset\n (bsc#1051510).\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n - io: accel: kxcjk1013: restore the range after resume (bsc#1051510).\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n - iommu/vt-d: Do not request page request irq under dmar_global_lock\n (bsc#1135006).\n - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU\n (bsc#1135007).\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).\n - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes).\n - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).\n - ipmi:ssif: compare block number correctly for multi-part return messages\n (bsc#1051510).\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).\n - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).\n - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).\n - ipvlan: disallow userns cap_net_admin to change global mode/flags\n (networking-stable-19_03_15).\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).\n - It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes).\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).\n - jbd2: clear dirty flag when revoking a buffer from an older transaction\n (bsc#1131167).\n - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168).\n - kABI: restore icmp_send (kabi).\n - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis\n (bsc#1127372)\n - kABI workaround for removed usb_interface.pm_usage_cnt field\n (bsc#1051510).\n - kABI workaround for snd_seq_kernel_client_enqueue() API changes\n (bsc#1051510).\n - kbuild: modversions: Fix relative CRC byte order interpretation\n (bsc#1131290).\n - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).\n - kcm: switch order of device registration to fix a crash (bnc#1130527).\n - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv\n (bsc#1051510).\n - kernel/sysctl.c: fix out-of-bounds access when setting file-max\n (bsc#1051510).\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).\n - KEYS: user: Align the payload buffer (bsc#1051510).\n - KVM: Call kvm_arch_memslots_updated() before updating memslots\n (bsc#1132563).\n - KVM: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).\n - KVM: Fix UAF in nested posted interrupt processing (bsc#1134199).\n - KVM: nVMX: Apply addr size mask to effective address for VMX\n instructions (bsc#1132561).\n - KVM: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).\n - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments\n (bsc#1132564).\n - KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail\n (bsc#1134201).\n - KVM: nVMX: Sign extend displacements of VMX instr's mem operands\n (bsc#1132562).\n - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode\n switch (bsc#1061840).\n - KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)\n (bsc#1133149).\n - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run\n (bsc#1132555).\n - KVM: VMX: Zero out *all* general purpose registers after VM-Exit\n (bsc#1134202).\n - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels\n (bsc#1134203).\n - KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU\n (bsc#1134204).\n - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).\n - KVM: x86/mmu: Detect MMIO generation wrap in any address space\n (bsc#1132570).\n - KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux\n (bsc#1132571).\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).\n - KVM: x86: svm: make sure NMI is injected after nmi_singlestep\n (bsc#1134205).\n - leds: avoid races with workqueue (bsc#1051510).\n - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510).\n - lib: add crc64 calculation routines (bsc#1130972).\n - libata: fix using DMA buffers on stack (bsc#1051510).\n - lib: do not depend on linux headers being installed (bsc#1130972).\n - lightnvm: if LUNs are already allocated fix return (bsc#1085535).\n - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()\n (bsc#1051510).\n - Linux v5.0-rc7: bcm2835 MMC issues (bsc#1070872).\n - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to\n a new <linux/bits.h> file (bsc#1111331).\n - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n - mac80211: do not call driver wake_tx_queue op during reconfig\n (bsc#1051510).\n - md: batch flush requests (bsc#1119680).\n - md: Fix failed allocation of md_register_thread (git-fixes).\n - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).\n - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).\n - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).\n - media: cx23885: check allocation return (bsc#1051510).\n - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).\n - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).\n - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).\n - media: mtk-jpeg: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n - media: s5p-g2d: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: s5p-jpeg: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: serial_ir: Fix use-after-free in serial_ir_init_module\n (bsc#1051510).\n - media: sh_veu: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: tw5864: Fix possible NULL pointer dereference in\n tw5864_handle_frame (bsc#1051510).\n - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap\n (bsc#1051510).\n - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).\n - media: wl128x: prevent two potential buffer overflows (bsc#1051510).\n - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S\n (bsc#1051510).\n - missing barriers in some of unix_sock ->addr and ->path accesses\n (networking-stable-19_03_15).\n - mmc: core: fix possible use after free of host (bsc#1051510).\n - mmc: davinci: remove extraneous __init annotation (bsc#1051510).\n - mmc: sdhci: Fix data command CRC error handling (bsc#1051510).\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR\n (bsc#1051510).\n - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).\n - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).\n - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()\n (bsc#1126740).\n - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()\n (bsc#1131935).\n - mm/vmalloc: fix size check for remap_vmalloc_range_partial()\n (bsc#1133825).\n - mpls: Return error for RTA_GATEWAY attribute\n (networking-stable-19_03_07).\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device\n (bsc#1051510).\n - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol\n (bsc#1051510).\n - mtd: part: fix incorrect format specifier for an unsigned long long\n (bsc#1051510).\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on\n read/write (bsc#1129770).\n - mwifiex: do not advertise IBSS features without FW support (bsc#1129770).\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n - mwifiex: prevent an array overflow (bsc#1051510).\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n - net: Add header for usage of fls64() (networking-stable-19_02_20).\n - net: Add __icmp_send helper (networking-stable-19_03_07).\n - net: avoid false positives in untrusted gso validation (git-fixes).\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).\n - net: bridge: add vlan_tunnel to bridge port policies (git-fixes).\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n - net: bridge: multicast: use rcu to access port list from\n br_multicast_start_querier (git-fixes).\n - net: datagram: fix unbounded loop in __skb_try_recv_datagram()\n (git-fixes).\n - net: Do not allocate page fragments that are not skb aligned\n (networking-stable-19_02_20).\n - net: dsa: legacy: do not unmask port bitmaps (git-fixes).\n - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).\n - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).\n - netfilter: bridge: ebt_among: add more missing match size checks\n (git-fixes).\n - netfilter: bridge: set skb transport_header before entering\n NF_INET_PRE_ROUTING (git-fixes).\n - netfilter: drop template ct when conntrack is skipped (git-fixes).\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack module\n (git-fixes).\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to\n ip_set_net_exit() (git-fixes).\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt\n (git-fixes).\n - netfilter: nf_socket: Fix out of bounds access in\n nf_sk_lookup_slow_v{4,6} (git-fixes).\n - netfilter: x_tables: avoid out-of-bounds reads in\n xt_request_find_{match|target} (git-fixes).\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info()\n (git-fixes).\n - net: Fix for_each_netdev_feature on Big endian\n (networking-stable-19_02_20).\n - net: fix IPv6 prefix route residue (networking-stable-19_02_20).\n - net: Fix untag for vlan packets without ethernet header (git-fixes).\n - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off\n (git-fixes).\n - net/hsr: Check skb_put_padto() return value (git-fixes).\n - net: hsr: fix memory leak in hsr_dev_finalize()\n (networking-stable-19_03_15).\n - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).\n - net/ibmvnic: Update carrier state after link state change (bsc#1135100).\n - net/ibmvnic: Update MAC address settings after adapter reset\n (bsc#1134760).\n - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).\n - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes).\n - net/mlx5e: Do not overwrite pedit action when multiple pedit used\n (networking-stable-19_02_24).\n - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails\n (networking-stable-19_03_07).\n - net/packet: fix 4gb buffer limit due to overflow check\n (networking-stable-19_02_24).\n - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).\n - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes).\n - net_sched: fix two more memory leaks in cls_tcindex\n (networking-stable-19_02_24).\n - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255\n (networking-stable-19_03_15).\n - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).\n - net: sit: fix UBSAN Undefined behaviour in check_6rd\n (networking-stable-19_03_15).\n - net: socket: set sock->sk to NULL after calling proto_ops::release()\n (networking-stable-19_03_07).\n - net: validate untrusted gso packets without csum offload\n (networking-stable-19_02_20).\n - net/x25: fix a race in x25_bind() (networking-stable-19_03_15).\n - net/x25: fix use-after-free in x25_device_event()\n (networking-stable-19_03_15).\n - net/x25: reset state in x25_connect() (networking-stable-19_03_15).\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()\n (git-fixes).\n - NFC: nci: Add some bounds checking in nci_hci_cmd_received()\n (bsc#1051510).\n - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations\n (git-fixes).\n - nfsd4: catch some false session retries (git-fixes).\n - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).\n - NFS: Do not recoalesce on error in nfs_pageio_complete_mirror()\n (git-fixes).\n - NFS: Do not use page_file_mapping after removing the page (git-fixes).\n - NFS: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).\n - NFS: Fix a soft lockup in the delegation recovery code (git-fixes).\n - NFS: Fix a typo in nfs_init_timeout_values() (git-fixes).\n - NFS: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).\n - NFS: Fix I/O request leakages (git-fixes).\n - NFS: fix mount/umount race in nlmclnt (git-fixes).\n - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount\n (git-fixes).\n - NFSv4.1 do not free interrupted slot on open (git-fixes).\n - NFSv4.1: Reinitialise sequence results before retransmitting a request\n (git-fixes).\n - NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).\n - nvme: add proper discard setup for the multipath device (bsc#1114638).\n - nvme: fix the dangerous reference of namespaces list (bsc#1131673).\n - nvme: make sure ns head inherits underlying device limits (bsc#1131673).\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration\n (bsc#1129273).\n - nvme-multipath: split bios with the ns_head bio_set before submitting\n (bsc#1103259, bsc#1131673).\n - nvme: only reconfigure discard if necessary (bsc#1114638).\n - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock\n (bsc#1131169).\n - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on\n OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.\n - omapfb: add missing of_node_put after of_device_is_available\n (bsc#1051510).\n - openvswitch: add seqadj extension when NAT is used (bsc#1051510).\n - openvswitch: fix flow actions reallocation (bsc#1051510).\n - packet: validate msg_namelen in send directly (git-fixes).\n - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller\n (bsc#1051510).\n - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable\n (bsc#1051510).\n - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).\n - PCI: pciehp: Ignore Link State Changes after powering off a slot\n (bsc#1133005).\n - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode\n (bsc#1051510).\n - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs\n (bsc#1051510).\n - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).\n - platform/x86: dell-rbtn: Add missing #include (bsc#1051510).\n - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).\n - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning"\n (bsc#1051510).\n - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).\n - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).\n - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).\n - powerpc/64: Disable the speculation barrier from the command line\n (bsc#1131107).\n - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls\n (bsc#1088804, git-fixes).\n - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).\n - powerpc/64s: Add new security feature flags for count cache flush\n (bsc#1131107).\n - powerpc/64s: Add support for software count cache flush (bsc#1131107).\n - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).\n - powerpc/64s: Fix page table fragment refcount race vs speculative\n references (bsc#1131326, bsc#1108937).\n - powerpc/asm: Add a patch_site macro & helpers for patching instructions\n (bsc#1131107).\n - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).\n - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).\n - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest\n (bsc#1061840).\n - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).\n - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area\n callback (bsc#1131900).\n - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).\n - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).\n - powerpc/mm: Check secondary hash page table (bsc#1065729).\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186,\n git-fixes).\n - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area\n topdown search (bsc#1131900).\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186,\n git-fixes).\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186,\n git-fixes).\n - powerpc/numa: document topology_updates_enabled, disable by default\n (bsc#1133584).\n - powerpc/numa: improve control of topology updates (bsc#1133584).\n - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).\n - powerpc/perf: Remove l2 bus events from HW cache event array\n (bsc#1053043).\n - powerpc/powernv/cpuidle: Init all present cpus for deep states\n (bsc#1055121).\n - powerpc/powernv: Do not reprogram SLW image on every KVM guest\n entry/exit (bsc#1061840).\n - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).\n - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace\n addresses on demand (bsc#1061840).\n - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU\n tables (bsc#1061840).\n - powerpc/powernv: Make opal log only readable by root (bsc#1065729).\n - powerpc/powernv: Query firmware for count cache flush settings\n (bsc#1131107).\n - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).\n - powerpc/pseries: Query hypervisor for count cache flush settings\n (bsc#1131107).\n - powerpc/security: Fix spectre_v2 reporting (bsc#1131107).\n - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).\n - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038\n (bsc#1131587).\n - proc/kcore: do not bounds check against address 0 (bsc#1051510).\n - proc: revalidate kernel thread inodes to root:root (bsc#1051510).\n - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).\n - pwm: Fix deadlock warning when removing PWM device (bsc#1051510).\n - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).\n - pwm: meson: Do not disable PWM when setting duty repeatedly\n (bsc#1051510).\n - pwm: meson: Use the spin-lock only to protect register modifications\n (bsc#1051510).\n - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).\n - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).\n - qmi_wwan: add Olicard 600 (bsc#1051510).\n - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).\n - RAS/CEC: Check the correct variable in the debugfs error handling\n (bsc#1085535).\n - ravb: Decrease TxFIFO depth of Q3 and Q2 to one\n (networking-stable-19_03_15).\n - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).\n - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).\n - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).\n - rdma/cxgb4: fix some info leaks (bsc#1127371).\n - RDMA/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).\n - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).\n - RDMA/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).\n - rds: fix refcount bug in rds_sock_addref (git-fixes).\n - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns\n delete (git-fixes).\n - Re-export snd_cards for kABI compatibility (bsc#1051510).\n - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB\n (bsc#1051510).\n - Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"\n (bsc#1051510).\n - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe\n drivers" (bsc#1110946, bsc#1119843).\n - Revert "drm/sun4i: rgb: Change the pixel clock validation check\n (bnc#1113722)"\n - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd"\n (bsc#1110946).\n - Revert "tty: pty: Fix race condition between release_one_tty and\n pty_write" (bsc#1051510).\n - ring-buffer: Check if memory is available before allocation\n (bsc#1132531).\n - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race\n (networking-stable-19_03_15).\n - rt2x00: do not increment sequence number while re-transmitting\n (bsc#1051510).\n - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).\n - rxrpc: Do not release call mutex on error pointer (git-fixes).\n - rxrpc: Do not treat call aborts as conn aborts (git-fixes).\n - rxrpc: Fix client call queueing, waiting for channel\n (networking-stable-19_03_15).\n - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).\n - s390/dasd: fix panic for failed online processing (bsc#1132589).\n - s390/pkey: move pckmo subfunction available checks away from module init\n (bsc#1128544).\n - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()\n (bsc#1051510).\n - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).\n - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).\n - scripts: override locale from environment when running recordmcount.pl\n (bsc#1134354).\n - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).\n - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature\n (bsc#1130579).\n - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).\n - sctp: call gso_reset_checksum when computing checksum in\n sctp_gso_segment (networking-stable-19_02_24).\n - sctp: only update outstanding_bytes for transmitted queue when doing\n prsctp_prune (git-fixes).\n - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).\n - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).\n - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).\n - serial: ar933x_uart: Fix build failure with disabled console\n (bsc#1051510).\n - serial: max310x: Fix to avoid potential NULL pointer dereference\n (bsc#1051510).\n - serial: sh-sci: Fix setting SCSCR_TIE while transferring data\n (bsc#1051510).\n - serial: uartps: console_setup() can't be placed to init section\n (bsc#1051510).\n - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()\n (networking-stable-19_02_24).\n - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).\n - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).\n - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).\n - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()\n (bsc#1051510).\n - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).\n - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios\n (bsc#1051510).\n - spi: bcm2835aux: setup gpio-cs to output and correct level during setup\n (bsc#1051510).\n - spi: bcm2835aux: warn in dmesg that native cs is not really supported\n (bsc#1051510).\n - spi: rspi: Fix sequencer reset during initialization (bsc#1051510).\n - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit\n (bsc#1051510).\n - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf\n (bsc#1051510).\n - staging: comedi: ni_usb6501: Fix use of uninitialized mutex\n (bsc#1051510).\n - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf\n (bsc#1051510).\n - staging: comedi: vmk80xx: Fix use of uninitialized semaphore\n (bsc#1051510).\n - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).\n - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc\n (bsc#1051510).\n - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).\n - staging: vt6655: Fix interrupt race condition on device start up\n (bsc#1051510).\n - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).\n - stm class: Fix an endless loop in channel allocation (bsc#1051510).\n - stm class: Fix channel free in stm output free path (bsc#1051510).\n - stm class: Prevent division by zero (bsc#1051510).\n - sunrpc/cache: handle missing listeners better (bsc#1126221).\n - sunrpc: fix 4 more call sites that were using stack memory with a\n scatterlist (git-fixes).\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n - supported.conf: Add vxlan to kernel-default-base (bsc#1132083).\n - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base\n (bsc#1131574).\n - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).\n - svm: Fix AVIC DFR and LDR handling (bsc#1132558).\n - sysctl: handle overflow for file-max (bsc#1051510).\n - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).\n - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).\n - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).\n - thermal/int340x_thermal: fix mode setting (bsc#1051510).\n - tipc: fix race condition causing hung sendto\n (networking-stable-19_03_07).\n - tpm: Fix the type of the return value in calc_tpm2_event_size()\n (bsc#1082555).\n - tracing: Fix a memory leak by early error exit in trace_pid_write()\n (bsc#1133702).\n - tracing: Fix buffer_ref pipe ops (bsc#1133698).\n - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes\n into account (bsc#1132527).\n - tty: atmel_serial: fix a potential NULL pointer dereference\n (bsc#1051510).\n - tty: increase the default flip buffer limit to 2*640K (bsc#1051510).\n - tty: pty: Fix race condition between release_one_tty and pty_write\n (bsc#1051510).\n - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0\n (bsc#1051510).\n - tun: fix blocking read (networking-stable-19_03_07).\n - tun: remove unnecessary memory barrier (networking-stable-19_03_07).\n - UAS: fix alignment of scatter/gather segments (bsc#1129770).\n - udf: Fix crash on IO error during truncate (bsc#1131175).\n - usb: cdc-acm: fix unthrottle races (bsc#1051510).\n - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).\n - usb: core: Fix bug caused by duplicate interface PM usage counter\n (bsc#1051510).\n - usb: core: Fix unterminated string returned by usb_string()\n (bsc#1051510).\n - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).\n - usb: f_fs: Avoid crash due to out-of-scope stack ptr access\n (bsc#1051510).\n - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).\n - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).\n - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).\n - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510).\n - usb: mtu3: fix EXTCON dependency (bsc#1051510).\n - usb: serial: cp210x: add new device id (bsc#1051510).\n - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).\n - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).\n - usb: serial: fix unthrottle races (bsc#1051510).\n - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510).\n - usb: serial: option: add Olicard 600 (bsc#1051510).\n - usb: serial: option: add support for Quectel EM12 (bsc#1051510).\n - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).\n - usb: u132-hcd: fix resource leak (bsc#1051510).\n - usb: usb251xb: fix to avoid potential NULL pointer dereference\n (bsc#1051510).\n - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).\n - usb: w1 ds2490: Fix bug caused by improper use of altsetting array\n (bsc#1051510).\n - usb: yurex: Fix protection fault after device removal (bsc#1051510).\n - vfio/mdev: Avoid release parent reference during error path\n (bsc#1051510).\n - vfio/mdev: Fix aborting mdev child device removal if one fails\n (bsc#1051510).\n - vfio_pci: Enable memory accesses before calling pci_map_rom\n (bsc#1051510).\n - vfio/pci: use correct format characters (bsc#1051510).\n - vfs: allow dedupe of user owned read-only files (bsc#1133778,\n bsc#1132219).\n - vfs: avoid problematic remapping requests into partial EOF block\n (bsc#1133850, bsc#1132219).\n - vfs: dedupe: extract helper for a single dedup (bsc#1133769,\n bsc#1132219).\n - vfs: dedupe should return EPERM if permission is not granted\n (bsc#1133779, bsc#1132219).\n - vfs: exit early from zero length remap operations (bsc#1132411,\n bsc#1132219).\n - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772,\n bsc#1132219).\n - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).\n - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852,\n bsc#1132219).\n - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).\n - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774,\n bsc#1132219).\n - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from\n beyond EOF (bsc#1133780, bsc#1132219).\n - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).\n - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510).\n - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).\n - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).\n - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).\n - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).\n - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock\n (bsc#1051510).\n - vsock/virtio: reset connected sockets on device removal (bsc#1051510).\n - vxlan: test dev->flags & IFF_UP before calling netif_rx()\n (networking-stable-19_02_20).\n - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies\n (bsc#1051510).\n - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure\n (bsc#1051510).\n - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).\n - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331).\n - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init\n (bsc#1132572).\n - x86/kvm/vmx: Add MDS protection when L1D Flush is not active\n (bsc#1111331).\n - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank\n types (bsc#1128415).\n - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units\n (bsc#1128415).\n - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types\n (bsc#1128415).\n - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type\n (bsc#1128415).\n - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).\n - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).\n - x86/mce: Handle varying MCA bank counts (bsc#1128415).\n - x86/msr-index: Cleanup bit defines (bsc#1111331).\n - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).\n - x86/speculation: Consolidate CPU whitelists (bsc#1111331).\n - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).\n - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).\n - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).\n - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).\n - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).\n - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).\n - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).\n - x86/speculation/mds: Add SMT warning message (bsc#1111331).\n - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).\n - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).\n - x86/speculation/mds: Conditionally clear CPU buffers on idle entry\n (bsc#1111331).\n - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off\n (bsc#1111331).\n - x86/speculation: Move arch_smt_update() call to after mitigation\n decisions (bsc#1111331).\n - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).\n - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331).\n - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).\n - xen-netback: do not populate the hash cache on XenBus disconnect\n (networking-stable-19_03_07).\n - xen-netback: fix occasional leak of grant ref mappings under memory\n pressure (networking-stable-19_03_07).\n - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).\n - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos\n (git-fixes).\n - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).\n - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).\n - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).\n - xfrm: Return error on unknown encap_type in init_state (git-fixes).\n - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).\n - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes\n (bsc#1132370, bsc#1132219).\n - xfs: call xfs_qm_dqattach before performing reflink operations\n (bsc#1132368, bsc#1132219).\n - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).\n - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413,\n bsc#1132219).\n - xfs: detect and fix bad summary counts at mount (bsc#1114427).\n - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405,\n bsc#1132219).\n - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407,\n bsc#1132219).\n - xfs: fix pagecache truncation prior to reflink (bsc#1132412,\n bsc#1132219).\n - xfs: fix reporting supported extra file attributes for statx()\n (bsc#1133529).\n - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414,\n bsc#1132219).\n - xfs: hold xfs_buf locked between shortform->leaf conversion and the\n addition of an attribute (bsc#1133675).\n - xfs: kill meaningless variable 'zero' (bsc#1106011).\n - xfs: only grab shared inode locks for source file during reflink\n (bsc#1132372, bsc#1132219).\n - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).\n - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL\n (bsc#1106011).\n - xfs: refactor clonerange preparation into a separate helper\n (bsc#1132402, bsc#1132219).\n - xfs: refactor xfs_trans_roll (bsc#1133667).\n - xfs: reflink find shared should take a transaction (bsc#1132226,\n bsc#1132219).\n - xfs: reflink should break pnfs leases before sharing blocks\n (bsc#1132369, bsc#1132219).\n - xfs: remove dest file's post-eof preallocations before reflinking\n (bsc#1132365, bsc#1132219).\n - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).\n - xfs: remove xfs_zero_range (bsc#1106011).\n - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).\n - xfs: update ctime and remove suid before cloning files (bsc#1132404,\n bsc#1132219).\n - xfs: zero posteof blocks when cloning above eof (bsc#1132403,\n bsc#1132219).\n - xhci: Do not let USB3 ports stuck in polling state prevent suspend\n (bsc#1051510).\n - xhci: Fix port resume done detection for SS ports with LPM enabled\n (bsc#1051510).\n\n", "edition": 1, "modified": "2019-05-16T15:09:29", "published": "2019-05-16T15:09:29", "id": "OPENSUSE-SU-2019:1404-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-31T14:44:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11085", "CVE-2018-7191", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-5489", "CVE-2013-4343", "CVE-2019-3882"], "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called\n before register_netdevice. This allowed local users to cause a denial of\n service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)\n call with a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux may have allowed an authenticated user\n to potentially enable escalation of privilege via local access\n (bnc#1135278).\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions\n (bnc#1133188). It was disabled by default.\n - CVE-2019-11811: There is a use-after-free upon attempted read access to\n /proc/ioports after the ipmi_si module is removed, related to\n drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,\n and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c kernel. There is a race condition leading to a\n use-after-free, related to net namespace cleanup (bnc#1134537).\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory\n region in the extent tree block, which might allow local users to obtain\n sensitive information by reading uninitialized data in the filesystem\n (bnc#1135281).\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n command, because a name field may not end with a '\\0' character\n (bnc#1134848).\n - CVE-2019-3882: A flaw was found in the vfio interface implementation\n that permits violation of the user's locked memory limit. If a device is\n bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system\n memory exhaustion and thus a denial of service (DoS). (bnc#1131416\n bnc#1131427).\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed\n local attackers to observe page cache access patterns of other processes\n on the same system, potentially allowing sniffing of secret information.\n (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server (bnc#1120843).\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n was fixed (bnc#1132681).\n - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been\n fixed (bnc#1132828).\n\n The following non-security bugs were fixed:\n\n - 9p: do not trust pdu content for stat item size (bsc#1051510).\n - 9p locks: add mount option for lock retry interval (bsc#1051510).\n - acpi: Add Hygon Dhyana support ().\n - acpi: Add Hygon Dhyana support (fate#327735).\n - acpi: button: reinitialize button state upon resume (bsc#1051510).\n - acpiCA: AML interpreter: add region addresses in global list during\n initialization (bsc#1051510).\n - acpiCA: Namespace: remove address node from global list after method\n termination (bsc#1051510).\n - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128)\n (bsc#1132426).\n - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle\n (bsc#1111666).\n - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666).\n - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).\n - acpi / utils: Drop reference in test for device presence (bsc#1051510).\n - alsa: core: Do not refer to snd_cards array directly (bsc#1051510).\n - alsa: core: Fix card races between register and disconnect (bsc#1051510).\n - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).\n - alsa: hda - Add two more machines to the power_save_blacklist\n (bsc#1051510).\n - alsa: hda/hdmi - Consider eld_valid when reporting jack event\n (bsc#1051510).\n - alsa: hda/hdmi - Read the pin sense from register when repolling\n (bsc#1051510).\n - alsa: hda: Initialize power_state field properly (bsc#1051510).\n - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).\n - alsa: hda/realtek - add two more pin configuration sets to quirk table\n (bsc#1051510).\n - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).\n - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).\n - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)\n (bsc#1051510).\n - alsa: hda/realtek - EAPD turn on later (bsc#1051510).\n - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with\n ALC233 (bsc#1111666).\n - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).\n - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone\n bug (bsc#1051510).\n - alsa: hda/realtek - Fixup headphone noise via runtime suspend\n (bsc#1051510).\n - alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666).\n - alsa: hda/realtek - Support low power consumption for ALC256\n (bsc#1051510).\n - alsa: hda/realtek - Support low power consumption for ALC295\n (bsc#1051510).\n - alsa: hda - Register irq handler after the chip initialization\n (bsc#1051510).\n - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).\n - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)\n (bsc#1051510).\n - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).\n - alsa: line6: Avoid polluting led_* namespace (bsc#1051510).\n - alsa: line6: use dynamic buffers (bsc#1051510).\n - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).\n - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).\n - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock()\n (bsc#1051510).\n - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).\n - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n - alsa: seq: Fix race of get-subscription call vs port-delete ioctls\n (bsc#1051510).\n - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).\n - alsa: seq: Protect racy pool manipulation from OSS sequencer\n (bsc#1051510).\n - alsa: seq: Remove superfluous irqsave flags (bsc#1051510).\n - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).\n - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).\n - alsa: timer: Coding style fixes (bsc#1051510).\n - alsa: timer: Make snd_timer_close() really kill pending actions\n (bsc#1051510).\n - alsa: timer: Make sure to clear pending ack list (bsc#1051510).\n - alsa: timer: Revert active callback sync check at close (bsc#1051510).\n - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).\n - alsa: timer: Unify timer callback process code (bsc#1051510).\n - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).\n - alsa: usb-audio: Handle the error from\n snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n - alsa: usx2y: fix a double free bug (bsc#1051510).\n - appletalk: Fix compile regression (bsc#1051510).\n - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).\n - ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).\n - ARM: 8833/1: Ensure that NEON code always compiles with Clang\n (bsc#1051510).\n - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).\n - ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).\n - ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).\n - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time\n (bsc#1051510).\n - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug\n (bsc#1051510).\n - ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be\n uninitialized (bsc#1051510).\n - ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).\n - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).\n - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos\n platforms (bsc#1051510).\n - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).\n - ASoC: fix valid stream condition (bsc#1051510).\n - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe\n (bsc#1051510).\n - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).\n - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).\n - ASoC: nau8824: fix the issue of the widget with prefix name\n (bsc#1051510).\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).\n - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate\n (bsc#1051510).\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).\n - ASoC: stm32: fix sai driver name initialisation (bsc#1051510).\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n - ASoC: topology: free created components in tplg load error (bsc#1051510).\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).\n - assume flash part size to be 4MB, if it can't be determined\n (bsc#1127371).\n - at76c50x-usb: Do not register led_trigger if usb_register_driver failed\n (bsc#1051510).\n - ath10k: avoid possible string overflow (bsc#1051510).\n - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666).\n - audit: fix a memleak caused by auditing load module (bsc#1051510).\n - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).\n - backlight: lm3630a: Return 0 on success in update_status functions\n (bsc#1051510).\n - batman-adv: Reduce claim hash refcnt only for removed entry\n (bsc#1051510).\n - batman-adv: Reduce tt_global hash refcnt only for removed entry\n (bsc#1051510).\n - batman-adv: Reduce tt_local hash refcnt only for removed entry\n (bsc#1051510).\n - bcache: account size of buckets used in uuid write to\n ca->meta_sectors_written (bsc#1130972).\n - bcache: add a comment in super.c (bsc#1130972).\n - bcache: add code comments for bset.c (bsc#1130972).\n - bcache: add comment for cache_set->fill_iter (bsc#1130972).\n - bcache: add identifier names to arguments of function definitions\n (bsc#1130972).\n - bcache: add missing SPDX header (bsc#1130972).\n - bcache: add MODULE_DESCRIPTION information (bsc#1130972).\n - bcache: add separate workqueue for journal_write to avoid deadlock\n (bsc#1130972).\n - bcache: add static const prefix to char * array declarations\n (bsc#1130972).\n - bcache: add sysfs_strtoul_bool() for setting bit-field variables\n (bsc#1130972).\n - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).\n - bcache: cannot set writeback_running via sysfs if no writeback kthread\n created (bsc#1130972).\n - bcache: correct dirty data statistics (bsc#1130972).\n - bcache: do not assign in if condition in bcache_init() (bsc#1130972).\n - bcache: do not assign in if condition register_bcache() (bsc#1130972).\n - bcache: do not check if debug dentry is ERR or NULL explicitly on remove\n (bsc#1130972).\n - bcache: do not check NULL pointer before calling kmem_cache_destroy\n (bsc#1130972).\n - bcache: do not clone bio in bch_data_verify (bsc#1130972).\n - bcache: do not mark writeback_running too early (bsc#1130972).\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n - bcache: fix code comments style (bsc#1130972).\n - bcache: fix indentation issue, remove tabs on a hunk of code\n (bsc#1130972).\n - bcache: fix indent by replacing blank by tabs (bsc#1130972).\n - bcache: fix input integer overflow of congested threshold (bsc#1130972).\n - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).\n - bcache: fix input overflow to cache set sysfs file io_error_halflife\n (bsc#1130972).\n - bcache: fix input overflow to journal_delay_ms (bsc#1130972).\n - bcache: fix input overflow to sequential_cutoff (bsc#1130972).\n - bcache: fix input overflow to writeback_delay (bsc#1130972).\n - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).\n - bcache: fix ioctl in flash device (bsc#1130972).\n - bcache: fix mistaken code comments in bcache.h (bsc#1130972).\n - bcache: fix mistaken comments in request.c (bsc#1130972).\n - bcache: fix potential div-zero error of writeback_rate_i_term_inverse\n (bsc#1130972).\n - bcache: fix potential div-zero error of writeback_rate_p_term_inverse\n (bsc#1130972).\n - bcache: fix typo in code comments of closure_return_with_destructor()\n (bsc#1130972).\n - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n - bcache: make cutoff_writeback and cutoff_writeback_sync tunable\n (bsc#1130972).\n - bcache: Move couple of functions to sysfs.c (bsc#1130972).\n - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).\n - bcache: move open brace at end of function definitions to next line\n (bsc#1130972).\n - bcache: never writeback a discard operation (bsc#1130972).\n - bcache: not use hard coded memset size in bch_cache_accounting_clear()\n (bsc#1130972).\n - bcache: option to automatically run gc thread after writeback\n (bsc#1130972).\n - bcache: panic fix for making cache device (bsc#1130972).\n - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).\n - bcache: recal cached_dev_sectors on detach (bsc#1130972).\n - bcache: remove unnecessary space before ioctl function pointer arguments\n (bsc#1130972).\n - bcache: remove unused bch_passthrough_cache (bsc#1130972).\n - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).\n - bcache: Replace bch_read_string_list() by __sysfs_match_string()\n (bsc#1130972).\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).\n - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).\n - bcache: replace printk() by pr_*() routines (bsc#1130972).\n - bcache: replace Symbolic permissions by octal permission numbers\n (bsc#1130972).\n - bcache: set writeback_percent in a flexible range (bsc#1130972).\n - bcache: split combined if-condition code into separate ones\n (bsc#1130972).\n - bcache: stop bcache device when backing device is offline (bsc#1130972).\n - bcache: stop using the deprecated get_seconds() (bsc#1130972).\n - bcache: style fixes for lines over 80 characters (bsc#1130972).\n - bcache: style fix to add a blank line after declarations (bsc#1130972).\n - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).\n - bcache: treat stale && dirty keys as bad keys (bsc#1130972).\n - bcache: trivial - remove tailing backslash in macro BTREE_FLAG\n (bsc#1130972).\n - bcache: update comment for bch_data_insert (bsc#1130972).\n - bcache: update comment in sysfs.c (bsc#1130972).\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in\n __bch_bucket_alloc_set (bsc#1130972).\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata\n (bsc#1130972).\n - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).\n - bcache: use routines from lib/crc64.c for CRC64 calculation\n (bsc#1130972).\n - bcache: use sysfs_strtoul_bool() to set bit-field variables\n (bsc#1130972).\n - bcm2835: MMC issues (bsc#1070872).\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n - blkcg: Make blkg_root_lookup() work for queues in bypass mode\n (bsc#1131673).\n - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues\n (bsc#1131673).\n - blk-mq: Avoid that submitting a bio concurrently with device removal\n triggers a crash (bsc#1131673).\n - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs\n (bsc#1131673).\n - blk-mq: fallback to previous nr_hw_queues when updating fails\n (bsc#1131673).\n - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).\n - blk-mq: realloc hctx when hw queue is mapped to another node\n (bsc#1131673).\n - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter\n (bsc#1131673).\n - block: check_events: do not bother with events if unsupported\n (bsc#1110946, bsc#1119843).\n - block: check_events: do not bother with events if unsupported\n (bsc#1110946, bsc#1119843).\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n - block: do not leak memory in bio_copy_user_iov() (bsc#1135309).\n - block: Ensure that a request queue is dissociated from the cgroup\n controller (bsc#1131673).\n - block: Fix a race between request queue removal and the block cgroup\n controller (bsc#1131673).\n - block: fix the return errno for direct IO (bsc#1135320).\n - block: fix use-after-free on gendisk (bsc#1135312).\n - block: Introduce blk_exit_queue() (bsc#1131673).\n - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).\n - block: remove bio_rewind_iter() (bsc#1131673).\n - Bluetooth: Align minimum encryption key size for LE and BR/EDR\n connections (bsc#1051510).\n - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).\n - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()\n (bsc#1133731).\n - Bluetooth: hidp: fix buffer overflow (bsc#1051510).\n - bnxt_en: Drop oversize TX packets to prevent errors\n (networking-stable-19_03_07).\n - bnxt_en: Improve RX consumer index validity check\n (networking-stable-19_04_10).\n - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n - bpf: fix use after free in bpf_evict_inode (bsc#1083647).\n - brcm80211: potential NULL dereference in\n brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n - brcmfmac: fix leak of mypkt on error return path (bsc#1111666).\n - btrfs: add a helper to return a head ref (bsc#1134813).\n - btrfs: Avoid possible qgroup_rsv_size overflow in\n btrfs_calculate_inode_block_rsv_size (git-fixes).\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n - btrfs: delayed-ref: Introduce better documented delayed ref structures\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: do not allow trimming when a fs is mounted with the nologreplay\n option (bsc#1135758).\n - btrfs: Do not panic when we can't find a root key (bsc#1112063).\n - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes()\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent()\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref()\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n - btrfs: fix assertion failure on fsync with NO_HOLES enabled\n (bsc#1131848).\n - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).\n - btrfs: fix incorrect file size after shrinking truncate and fsync\n (bsc#1130195).\n - btrfs: improve performance on fsync of files with multiple hardlinks\n (bsc#1123454).\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree\n (bsc#1063638 bsc#1128052 bsc#1108838).\n - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head\n to btrfs_qgroup_extent_record (bsc#1134162).\n - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release\n (bsc#1134160).\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n - cfg80211: Handle WMM rules in regulatory domain intersection\n (bsc#1111666).\n - cgroup: fix parsing empty mount option string (bsc#1133094).\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).\n - cifs: do not dereference smb_file_target before null check (bsc#1051510).\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510).\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510).\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510).\n - cifs: Fix credit calculation for encrypted reads with errors\n (bsc#1051510).\n - cifs: Fix credits calculations for reads with errors (bsc#1051510).\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).\n - cifs: Fix potential OOB access of lock element array (bsc#1051510).\n - cifs: Fix read after write for files with read caching (bsc#1051510).\n - cifs: keep FileInfo handle live during oplock break (bsc#1106284,\n bsc#1131565).\n - clk: fractional-divider: check parent rate only if flag is set\n (bsc#1051510).\n - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).\n - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).\n - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).\n - clk: x86: Add system specific quirk to mark clocks as critical\n (bsc#1051510).\n - configfs: fix possible use-after-free in configfs_register_group\n (bsc#1051510).\n - cpufreq: Add Hygon Dhyana support ().\n - cpufreq: Add Hygon Dhyana support (fate#327735).\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).\n - cpupowerutils: bench - Fix cpu online check (bsc#1051510).\n - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).\n - crypto: arm/aes-neonbs - do not access already-freed walk.iv\n (bsc#1051510).\n - crypto: caam - add missing put_device() call (bsc#1129770).\n - crypto: caam - fix caam_dump_sg that iterates through scatterlist\n (bsc#1051510).\n - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666).\n - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666).\n - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666).\n - crypto: ccm - fix incompatibility between "ccm" and "ccm_base"\n (bsc#1051510).\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails\n (bsc#1051510).\n - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).\n - crypto: crct10dif-generic - fix use via crypto_shash_digest()\n (bsc#1051510).\n - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).\n - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).\n - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"\n (bsc#1051510).\n - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).\n - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).\n - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).\n - crypto: skcipher - do not WARN on unprocessed data after slow walk step\n (bsc#1051510).\n - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).\n - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).\n - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()\n (bsc#1051510).\n - crypto: x86/poly1305 - fix overflow during partial reduction\n (bsc#1051510).\n - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick\n (bsc#1127371).\n - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371).\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n - cxgb4: add per rx-queue counter for packet errors (bsc#1127371).\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).\n - cxgb4: add support to display DCB info (bsc#1127371).\n - cxgb4: Add support to read actual provisioned resources (bsc#1127371).\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).\n - cxgb4: convert flower table to use rhashtable (bsc#1127371).\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability\n (bsc#1127371).\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac()\n (bsc#1127371).\n - cxgb4: display number of rx and tx pages free (bsc#1127371).\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).\n - cxgb4: Mask out interrupts that are not enabled (bsc#1127175).\n - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).\n - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm\n (bsc#1127371).\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).\n - cxgb4: remove the unneeded locks (bsc#1127371).\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n - cxgb4: Support ethtool private flags (bsc#1127371).\n - cxgb4: update supported DCB version (bsc#1127371).\n - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).\n - cxgb4vf: Few more link management changes (bsc#1127374).\n - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).\n - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).\n - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n - dccp: Fix memleak in __feat_register_sp (bsc#1051510).\n - debugfs: fix use-after-free on symlink traversal (bsc#1051510).\n - device_cgroup: fix RCU imbalance in error case (bsc#1051510).\n - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).\n - Disable kgdboc failed by echo space to\n /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n - dmaengine: axi-dmac: Do not check the number of frames for alignment\n (bsc#1051510).\n - dmaengine: imx-dma: fix warning comparison of distinct pointer types\n (bsc#1051510).\n - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid\n (bsc#1051510).\n - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).\n - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).\n - dm: disable DISCARD if the underlying storage no longer supports it\n (bsc#1114638).\n - Drivers: hv: vmbus: Offload the handling of channels to two workqueues\n (bsc#1130567).\n - Drivers: hv: vmbus: Reset the channel callback in\n vmbus_onoffer_rescind() (bsc#1130567).\n - drm/amd/display: extending AUX SW Timeout (bsc#1111666).\n - drm/amd/display: fix cursor black issue (bsc#1111666).\n - drm/amd/display: If one stream full updates, full update all planes\n (bsc#1111666).\n - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666).\n - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)\n (bsc#1111666).\n - drm: Auto-set allow_fb_modifiers when given modifiers at plane init\n (bsc#1051510).\n - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).\n - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs\n (bsc#1113722)\n - drm/doc: Drop "content type" from the legacy kms property table\n (bsc#1111666).\n - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers\n (bsc#1051510).\n - drm/exynos/mixer: fix MIXER shadow registry synchronisation code\n (bsc#1111666).\n - drm/fb-helper: dpms_legacy(): Only set on connectors in use\n (bsc#1051510).\n - drm/fb-helper: generic: Call drm_client_add() after setup is done\n (bsc#1111666).\n - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).\n - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897).\n - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).\n - drm/i915/fbc: disable framebuffer compression on GeminiLake\n (bsc#1051510).\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled\n (bsc#1111666).\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956)\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n - drm/i915/gvt: do not deliver a workload if its creation fails\n (bsc#1051510).\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956)\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list\n (bnc#1113722)\n - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt()\n (bsc#1111666).\n - drm/i915/gvt: Roundup fb->height into tile's height at calucation\n fb->size (bsc#1111666).\n - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666).\n - drm/imx: do not skip DP channel disable for background plane\n (bsc#1051510).\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()\n (bsc#1113722)\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()\n (bsc#1113956)\n - drm/mediatek: fix possible object reference leak (bsc#1051510).\n - drm/meson: add size and alignment requirements for dumb buffers\n (bnc#1113722)\n - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support\n (bsc#1133593).\n - drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593).\n - drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593).\n - drm/nouveau: Add strap_peek to debugfs (bsc#1133593).\n - drm/nouveau/bar/tu104: initial support (bsc#1133593).\n - drm/nouveau/bar/tu106: initial support (bsc#1133593).\n - drm/nouveau/bios: translate additional memory types (bsc#1133593).\n - drm/nouveau/bios: translate USB-C connector type (bsc#1133593).\n - drm/nouveau/bios/tu104: initial support (bsc#1133593).\n - drm/nouveau/bios/tu106: initial support (bsc#1133593).\n - drm/nouveau/bus/tu104: initial support (bsc#1133593).\n - drm/nouveau/bus/tu106: initial support (bsc#1133593).\n - drm/nouveau/ce/tu104: initial support (bsc#1133593).\n - drm/nouveau/ce/tu106: initial support (bsc#1133593).\n - drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593).\n - drm/nouveau/core: increase maximum number of nvdec instances to 3\n (bsc#1133593).\n - drm/nouveau/core: recognise TU102 (bsc#1133593).\n - drm/nouveau/core: recognise TU104 (bsc#1133593).\n - drm/nouveau/core: recognise TU106 (bsc#1133593).\n - drm/nouveau/core: support multiple nvdec instances (bsc#1133593).\n - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS\n (bsc#1133593).\n - drm/nouveau/devinit/tu104: initial support (bsc#1133593).\n - drm/nouveau/devinit/tu106: initial support (bsc#1133593).\n - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0\n (bsc#1133593).\n - drm/nouveau/disp: add support for setting scdc parameters for high modes\n (bsc#1133593).\n - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593).\n - drm/nouveau/disp/gv100: fix name of window channels in debug output\n (bsc#1133593).\n - drm/nouveau/disp: keep track of high-speed state, program into clock\n (bsc#1133593).\n - drm/nouveau/disp: take sink support into account for exposing 594mhz\n (bsc#1133593).\n - drm/nouveau/disp/tu104: initial support (bsc#1133593).\n - drm/nouveau/disp/tu106: initial support (bsc#1133593).\n - drm/nouveau/dma/tu104: initial support (bsc#1133593).\n - drm/nouveau/dma/tu106: initial support (bsc#1133593).\n - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices\n (bsc#1133593).\n - drm/nouveau/drm/nouveau:\n s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593).\n - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init()\n (bsc#1133593).\n - drm/nouveau/fault: add explicit control over fault buffer interrupts\n (bsc#1133593).\n - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2\n (bsc#1133593).\n - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer\n (bsc#1133593).\n - drm/nouveau/fault/tu104: initial support (bsc#1133593).\n - drm/nouveau/fault/tu106: initial support (bsc#1133593).\n - drm/nouveau/fb/tu104: initial support (bsc#1133593).\n - drm/nouveau/fb/tu106: initial support (bsc#1133593).\n - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault\n (bsc#1133593).\n - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593).\n - drm/nouveau/fifo/gk104-: return channel instance in ctor args\n (bsc#1133593).\n - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw\n (bsc#1133593).\n - drm/nouveau/fifo/gk104-: support enabling privileged ce functions\n (bsc#1133593).\n - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593).\n - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593).\n - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593).\n - drm/nouveau/fifo/gv100: return work submission token in channel ctor\n args (bsc#1133593).\n - drm/nouveau/fifo/tu104: initial support (bsc#1133593).\n - drm/nouveau/fifo/tu106: initial support (bsc#1133593).\n - drm/nouveau: Fix potential memory leak in nouveau_drm_load()\n (bsc#1133593).\n - drm/nouveau/fuse/tu104: initial support (bsc#1133593).\n - drm/nouveau/fuse/tu106: initial support (bsc#1133593).\n - drm/nouveau/gpio/tu104: initial support (bsc#1133593).\n - drm/nouveau/gpio/tu106: initial support (bsc#1133593).\n - drm/nouveau/i2c/tu104: initial support (bsc#1133593).\n - drm/nouveau/i2c/tu106: initial support (bsc#1133593).\n - drm/nouveau/ibus/tu104: initial support (bsc#1133593).\n - drm/nouveau/ibus/tu106: initial support (bsc#1133593).\n - drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning\n address (bsc#1133593).\n - drm/nouveau/imem/tu104: initial support (bsc#1133593).\n - drm/nouveau/imem/tu106: initial support (bsc#1133593).\n - drm/nouveau/kms/nv50-: allow more flexibility with lut formats\n (bsc#1133593).\n - drm/nouveau/kms/tu104: initial support (bsc#1133593).\n - drm/nouveau/ltc/tu104: initial support (bsc#1133593).\n - drm/nouveau/ltc/tu106: initial support (bsc#1133593).\n - drm/nouveau/mc/tu104: initial support (bsc#1133593).\n - drm/nouveau/mc/tu106: initial support (bsc#1133593).\n - drm/nouveau/mmu: add more general vmm free/node handling functions\n (bsc#1133593).\n - drm/nouveau/mmu/tu104: initial support (bsc#1133593).\n - drm/nouveau/mmu/tu106: initial support (bsc#1133593).\n - drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593).\n - drm/nouveau/pci/tu104: initial support (bsc#1133593).\n - drm/nouveau/pci/tu106: initial support (bsc#1133593).\n - drm/nouveau/pmu/tu104: initial support (bsc#1133593).\n - drm/nouveau/pmu/tu106: initial support (bsc#1133593).\n - drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593).\n - drm/nouveau: register backlight on pascal and newer (bsc#1133593).\n - drm/nouveau: remove left-over struct member (bsc#1133593).\n - drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593).\n - drm/nouveau: Start using new drm_dev initialization helpers\n (bsc#1133593).\n - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).\n - drm/nouveau/therm/tu104: initial support (bsc#1133593).\n - drm/nouveau/therm/tu106: initial support (bsc#1133593).\n - drm/nouveau/tmr/tu104: initial support (bsc#1133593).\n - drm/nouveau/tmr/tu106: initial support (bsc#1133593).\n - drm/nouveau/top/tu104: initial support (bsc#1133593).\n - drm/nouveau/top/tu106: initial support (bsc#1133593).\n - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).\n - drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666).\n - drm/panel: panel-innolux: set display off in innolux_panel_unprepare\n (bsc#1111666).\n - drm/pl111: Initialize clock spinlock early (bsc#1111666).\n - drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666).\n - drm/rockchip: fix for mailbox read validation (bsc#1051510).\n - drm/rockchip: fix for mailbox read validation (bsc#1111666).\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).\n - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind\n (bsc#1113722)\n - drm/sun4i: Fix component unbinding and component master deletion\n (bsc#1113722)\n - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)\n - drm/sun4i: Set device driver data at bind time for use in unbind\n (bsc#1113722)\n - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in\n sun8i_tcon_top_un/bind (bsc#1111666).\n - drm/sun4i: Unbind components before releasing DRM and memory\n (bsc#1113722)\n - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using\n get_pages() (bsc#1111666).\n - drm/tegra: hub: Fix dereference before check (bsc#1111666).\n - drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666).\n - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666).\n - drm/ttm: Remove warning about inconsistent mapping information\n (bnc#1131488)\n - drm/udl: add a release method and delay modeset teardown (bsc#1085536)\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n - drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666).\n - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit\n (networking-stable-19_02_20).\n - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings\n (bsc#1129770).\n - dwc2: gadget: Fix completed transfer size calculation in DDMA\n (bsc#1051510).\n - e1000e: fix cyclic resets at link up with active tx (bsc#1051510).\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n - EDAC, amd64: Add Hygon Dhyana support ().\n - EDAC, amd64: Add Hygon Dhyana support (fate#327735).\n - ext4: actually request zeroing of inode table after grow (bsc#1135315).\n - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).\n - ext4: Do not warn when enabling DAX (bsc#1132894).\n - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).\n - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).\n - fbdev: fbmem: fix memory access if logo is bigger than the screen\n (bsc#1051510).\n - fix cgroup_do_mount() handling of failure exits (bsc#1133095).\n - Fix kabi after "md: batch flush requests." (bsc#1119680).\n - fix rtnh_ok() (git-fixes).\n - Fix struct page kABI after adding atomic for ppc (bsc#1131326,\n bsc#1108937).\n - fm10k: Fix a potential NULL pointer dereference (bsc#1051510).\n - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range()\n (bsc#1132384, bsc#1132219).\n - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).\n - futex: Cure exit race (bsc#1050549).\n - futex: Ensure that futex address is aligned in handle_futex_death()\n (bsc#1050549).\n - futex: Handle early deadlock return correctly (bsc#1050549).\n - genetlink: Fix a memory leak on error path (networking-stable-19_03_28).\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input\n (bsc#1051510).\n - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).\n - gpio: gpio-omap: fix level interrupt idling (bsc#1051510).\n - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).\n - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).\n - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).\n - HID: debug: fix race condition with between rdesc_show() and device\n removal (bsc#1051510).\n - HID: i2c-hid: Ignore input report if there's no data present on Elan\n touchpanels (bsc#1133486).\n - HID: input: add mapping for Assistant key (bsc#1051510).\n - HID: input: add mapping for Expose/Overview key (bsc#1051510).\n - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys\n (bsc#1051510).\n - HID: input: add mapping for "Toggle Display" key (bsc#1051510).\n - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).\n - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR\n busy_clear bit (bsc#1051510).\n - HID: logitech: check the return value of create_singlethread_workqueue\n (bsc#1051510).\n - hv_netvsc: Fix IP header checksum for coalesced packets\n (networking-stable-19_03_07).\n - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses\n (bsc#1051510).\n - hwrng: virtio - Avoid repeated init of completion (bsc#1051510).\n - i2c: imx: correct the method of getting private data in notifier_call\n (bsc#1111666).\n - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).\n - i2c: synquacer: fix enumeration of slave devices (bsc#1111666).\n - ibmvnic: Enable GRO (bsc#1132227).\n - ibmvnic: Fix completion structure initialization (bsc#1131659).\n - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).\n - igmp: fix incorrect unsolicit report count when join group (git-fixes).\n - iio: adc: at91: disable adc channel interrupt in timeout case\n (bsc#1051510).\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).\n - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).\n - iio: ad_sigma_delta: select channel when reading register (bsc#1051510).\n - iio: core: fix a possible circular locking dependency (bsc#1051510).\n - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).\n - iio: dac: mcp4725: add missing powerdown bits in store eeprom\n (bsc#1051510).\n - iio: Fix scan mask selection (bsc#1051510).\n - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n - inetpeer: fix uninit-value in inet_getpeer (git-fixes).\n - Input: elan_i2c - add hardware ID for multiple Lenovo laptops\n (bsc#1051510).\n - Input: introduce KEY_ASSISTANT (bsc#1051510).\n - Input: snvs_pwrkey - initialize necessary driver data before enabling\n IRQ (bsc#1051510).\n - Input: synaptics-rmi4 - fix possible double free (bsc#1051510).\n - Input: synaptics-rmi4 - write config register values to the right offset\n (bsc#1051510).\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n - io: accel: kxcjk1013: restore the range after resume (bsc#1051510).\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n - iommu/vt-d: Do not request page request irq under dmar_global_lock\n (bsc#1135006).\n - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU\n (bsc#1135007).\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).\n - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address\n (git-fixes).\n - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type\n (networking-stable-19_04_10).\n - ipconfig: Correctly initialise ic_nameservers (bsc#1051510).\n - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).\n - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU\n user->release_barrier (bsc#1111666).\n - ipmi: Prevent use-after-free in deliver_response (bsc#1111666).\n - ipmi:ssif: compare block number correctly for multi-part return messages\n (bsc#1051510).\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()\n (git-fixes).\n - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).\n - ipv6: fix cleanup ordering for pingv6 registration (git-fixes).\n - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).\n - ipv6: mcast: fix unsolicited report interval after receiving querys\n (git-fixes).\n - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).\n - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).\n - ipvlan: Add the skb->mark as flow4's member to lookup route\n (bsc#1051510).\n - ipvlan: disallow userns cap_net_admin to change global mode/flags\n (networking-stable-19_03_15).\n - ipvlan: fix ipv6 outbound device (bsc#1051510).\n - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).\n - ipvs: fix buffer overflow with sync daemon and service (git-fixes).\n - ipvs: fix check on xmit to non-local addresses (git-fixes).\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()\n (bsc#1051510).\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).\n - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).\n - ipvs: fix stats update from local clients (git-fixes).\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).\n - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n - iwlwifi: fix driver operation for 5350 (bsc#1111666).\n - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).\n - kABI: protect functions using struct net_generic (bsc#1129845\n LTC#176252).\n - kABI: protect ip_options_rcv_srr (kabi).\n - kABI: protect struct mlx5_td (kabi).\n - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).\n - kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252).\n - kABI: restore icmp_send (kabi).\n - kABI workaround for removed usb_interface.pm_usage_cnt field\n (bsc#1051510).\n - kABI workaround for snd_seq_kernel_client_enqueue() API changes\n (bsc#1051510).\n - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).\n - kcm: switch order of device registration to fix a crash (bnc#1130527).\n - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv\n (bsc#1051510).\n - kernel/sysctl.c: fix out-of-bounds access when setting file-max\n (bsc#1051510).\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).\n - KEYS: user: Align the payload buffer (bsc#1051510).\n - kmsg: Update message catalog to latest IBM level (2019/03/08)\n (bsc#1128904 LTC#176078).\n - kvm: Call kvm_arch_memslots_updated() before updating memslots\n (bsc#1132563).\n - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).\n - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).\n - kvm: nVMX: Apply addr size mask to effective address for VMX\n instructions (bsc#1132561).\n - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).\n - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments\n (bsc#1132564).\n - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail\n (bsc#1134201).\n - kvm: nVMX: Sign extend displacements of VMX instr's mem operands\n (bsc#1132562).\n - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode\n switch (bsc#1061840).\n - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)\n (bsc#1133149).\n - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run\n (bsc#1132555).\n - kvm: VMX: Zero out *all* general purpose registers after VM-Exit\n (bsc#1134202).\n - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels\n (bsc#1134203).\n - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU\n (bsc#1134204).\n - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).\n - kvm: x86/mmu: Detect MMIO generation wrap in any address space\n (bsc#1132570).\n - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux\n (bsc#1132571).\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).\n - kvm: x86: svm: make sure NMI is injected after nmi_singlestep\n (bsc#1134205).\n - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).\n - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).\n - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).\n - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).\n - l2tp: prevent pppol2tp_connect() from creating kernel sockets\n (git-fixes).\n - l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).\n - leds: avoid races with workqueue (bsc#1051510).\n - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).\n - lib: add crc64 calculation routines (bsc#1130972).\n - libata: fix using DMA buffers on stack (bsc#1051510).\n - lib: do not depend on linux headers being installed (bsc#1130972).\n - lightnvm: if LUNs are already allocated fix return (bsc#1085535).\n - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()\n (bsc#1051510).\n - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n - mac80211: do not attempt to rename ERR_PTR() debugfs dirs (bsc#1111666).\n - mac80211: do not call driver wake_tx_queue op during reconfig\n (bsc#1051510).\n - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).\n - mac80211: fix unaligned access in mesh table hash function (bsc#1051510).\n - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode\n (bsc#1111666).\n - mac8390: Fix mmio access size probe (bsc#1051510).\n - md: batch flush requests (bsc#1119680).\n - md: Fix failed allocation of md_register_thread (git-fixes).\n - MD: fix invalid stored role for a disk (bsc#1051510).\n - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).\n - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).\n - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).\n - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).\n - media: cx23885: check allocation return (bsc#1051510).\n - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).\n - media: davinci/vpbe: array underflow in vpbe_enum_outputs()\n (bsc#1051510).\n - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).\n - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).\n - media: mtk-jpeg: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: omap_vout: potential buffer overflow in vidioc_dqbuf()\n (bsc#1051510).\n - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n - media: s5p-g2d: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: s5p-jpeg: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: serial_ir: Fix use-after-free in serial_ir_init_module\n (bsc#1051510).\n - media: sh_veu: Correct return type for mem2mem buffer helpers\n (bsc#1051510).\n - media: tw5864: Fix possible NULL pointer dereference in\n tw5864_handle_frame (bsc#1051510).\n - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap\n (bsc#1051510).\n - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).\n - media: wl128x: prevent two potential buffer overflows (bsc#1051510).\n - mISDN: Check address length before reading address family (bsc#1051510).\n - missing barriers in some of unix_sock ->addr and ->path accesses\n (networking-stable-19_03_15).\n - mmc: core: fix possible use after free of host (bsc#1051510).\n - mmc: core: Fix tag set memory leak (bsc#1111666).\n - mmc: davinci: remove extraneous __init annotation (bsc#1051510).\n - mm: create non-atomic version of SetPageReserved for init use\n (jsc#SLE-6647).\n - mmc: sdhci: Fix data command CRC error handling (bsc#1051510).\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR\n (bsc#1051510).\n - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).\n - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).\n - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned\n addresses (bsc#1135330).\n - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()\n (bsc#1131935).\n - mm/vmalloc: fix size check for remap_vmalloc_range_partial()\n (bsc#1133825).\n - mpls: Return error for RTA_GATEWAY attribute\n (networking-stable-19_03_07).\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device\n (bsc#1051510).\n - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol\n (bsc#1051510).\n - mtd: part: fix incorrect format specifier for an unsigned long long\n (bsc#1051510).\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on\n read/write (bsc#1129770).\n - mwifiex: do not advertise IBSS features without FW support (bsc#1129770).\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n - mwifiex: Make resume actually do something useful again on SDIO cards\n (bsc#1111666).\n - mwifiex: prevent an array overflow (bsc#1051510).\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n - net: Add header for usage of fls64() (networking-stable-19_02_20).\n - net: Add __icmp_send helper (networking-stable-19_03_07).\n - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6\n (networking-stable-19_03_28).\n - net: avoid false positives in untrusted gso validation (git-fixes).\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).\n - net: bridge: add vlan_tunnel to bridge port policies (git-fixes).\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n - net: bridge: multicast: use rcu to access port list from\n br_multicast_start_querier (git-fixes).\n - net: datagram: fix unbounded loop in __skb_try_recv_datagram()\n (git-fixes).\n - net: Do not allocate page fragments that are not skb aligned\n (networking-stable-19_02_20).\n - net: dsa: legacy: do not unmask port bitmaps (git-fixes).\n - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).\n - net: ethtool: not call vzalloc for zero sized memory request\n (networking-stable-19_04_10).\n - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev\n (git-fixes).\n - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).\n - netfilter: bridge: ebt_among: add more missing match size checks\n (git-fixes).\n - netfilter: bridge: set skb transport_header before entering\n NF_INET_PRE_ROUTING (git-fixes).\n - netfilter: drop template ct when conntrack is skipped (git-fixes).\n - netfilter: ebtables: handle string from userspace with care (git-fixes).\n - netfilter: ebtables: reject non-bridge targets (git-fixes).\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack module\n (git-fixes).\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to\n ip_set_net_exit() (git-fixes).\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt\n (git-fixes).\n - netfilter: nf_log: do not hold nf_log_mutex during user access\n (git-fixes).\n - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).\n - netfilter: nf_socket: Fix out of bounds access in\n nf_sk_lookup_slow_v{4,6} (git-fixes).\n - netfilter: nf_tables: can't fail after linking rule into active rule\n list (git-fixes).\n - netfilter: nf_tables: check msg_type before nft_trans_set(trans)\n (git-fixes).\n - netfilter: nf_tables: fix NULL pointer dereference on\n nft_ct_helper_obj_dump() (git-fixes).\n - netfilter: nf_tables: release chain in flushing set (git-fixes).\n - netfilter: x_tables: avoid out-of-bounds reads in\n xt_request_find_{match|target} (git-fixes).\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info()\n (git-fixes).\n - netfilter: x_tables: initialise match/target check parameter struct\n (git-fixes).\n - net: Fix a bug in removing queues from XPS map (git-fixes).\n - net: Fix for_each_netdev_feature on Big endian\n (networking-stable-19_02_20).\n - net: fix IPv6 prefix route residue (networking-stable-19_02_20).\n - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).\n - net: Fix untag for vlan packets without ethernet header (git-fixes).\n - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off\n (git-fixes).\n - net-gro: Fix GRO flush when receiving a GSO packet\n (networking-stable-19_04_10).\n - net: hsr: fix memory leak in hsr_dev_finalize()\n (networking-stable-19_03_15).\n - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).\n - net/ibmvnic: Update carrier state after link state change (bsc#1135100).\n - net/ibmvnic: Update MAC address settings after adapter reset\n (bsc#1134760).\n - net: initialize skb->peeked when cloning (git-fixes).\n - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev\n (git-fixes).\n - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).\n - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices\n (git-fixes).\n - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).\n - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).\n - netlink: fix uninit-value in netlink_sendmsg (git-fixes).\n - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).\n - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).\n - net/mlx5e: Do not overwrite pedit action when multiple pedit used\n (networking-stable-19_02_24).\n - net/mlx5e: Fix error handling when refreshing TIRs\n (networking-stable-19_04_10).\n - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails\n (networking-stable-19_03_07).\n - net/packet: fix 4gb buffer limit due to overflow check\n (networking-stable-19_02_24).\n - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).\n - net: rose: fix a possible stack overflow (networking-stable-19_03_28).\n - net/sched: act_sample: fix divide by zero in the traffic path\n (networking-stable-19_04_10).\n - net/sched: fix ->get helper of the matchall cls\n (networking-stable-19_04_10).\n - net_sched: fix two more memory leaks in cls_tcindex\n (networking-stable-19_02_24).\n - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255\n (networking-stable-19_03_15).\n - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).\n - net: sit: fix UBSAN Undefined behaviour in check_6rd\n (networking-stable-19_03_15).\n - net/smc: add pnet table namespace support (bsc#1129845 LTC#176252).\n - net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252).\n - net/smc: allow PCI IDs as ib device names in the pnet table (bsc#1129845\n LTC#176252).\n - net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252).\n - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).\n - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252).\n - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).\n - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).\n - net/smc: consolidate function parameters (bsc#1134607 LTC#177518).\n - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).\n - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).\n - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).\n - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).\n - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).\n - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).\n - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).\n - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).\n - net/smc: rework pnet table (bsc#1129845 LTC#176252).\n - net/smc: wait for pending work before clcsock release_sock (bsc#1134607\n LTC#177518).\n - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).\n - net: socket: set sock->sk to NULL after calling proto_ops::release()\n (networking-stable-19_03_07).\n - net: stmmac: fix memory corruption with large MTUs\n (networking-stable-19_03_28).\n - net: test tailroom before appending to linear skb (git-fixes).\n - net: validate untrusted gso packets without csum offload\n (networking-stable-19_02_20).\n - net/x25: fix a race in x25_bind() (networking-stable-19_03_15).\n - net/x25: fix use-after-free in x25_device_event()\n (networking-stable-19_03_15).\n - net/x25: reset state in x25_connect() (networking-stable-19_03_15).\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()\n (git-fixes).\n - NFC: nci: Add some bounds checking in nci_hci_cmd_received()\n (bsc#1051510).\n - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations\n (git-fixes).\n - nfsd4: catch some false session retries (git-fixes).\n - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).\n - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror()\n (git-fixes).\n - nfs: Do not use page_file_mapping after removing the page (git-fixes).\n - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).\n - nfs: Fix a soft lockup in the delegation recovery code (git-fixes).\n - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes).\n - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).\n - nfs: Fix I/O request leakages (git-fixes).\n - nfs: fix mount/umount race in nlmclnt (git-fixes).\n - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount\n (git-fixes).\n - nfsv4.1 do not free interrupted slot on open (git-fixes).\n - nfsv4.1: Reinitialise sequence results before retransmitting a request\n (git-fixes).\n - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).\n - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands\n (bsc#1051510).\n - nvme: add proper discard setup for the multipath device (bsc#1114638).\n - nvme-fc: use separate work queue to avoid warning (bsc#1131673).\n - nvme: fix the dangerous reference of namespaces list (bsc#1131673).\n - nvme: make sure ns head inherits underlying device limits (bsc#1131673).\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration\n (bsc#1129273).\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration\n (bsc#1130937).\n - nvme-multipath: split bios with the ns_head bio_set before submitting\n (bsc#1103259, bsc#1131673).\n - nvme: only reconfigure discard if necessary (bsc#1114638).\n - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on\n OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.\n - omapfb: add missing of_node_put after of_device_is_available\n (bsc#1051510).\n - openvswitch: add seqadj extension when NAT is used (bsc#1051510).\n - openvswitch: fix flow actions reallocation (bsc#1051510).\n - overflow: Fix -Wtype-limits compilation warnings (bsc#1111666).\n - packet: fix reserve calculation (git-fixes).\n - packet: in packet_snd start writing at link layer allocation (git-fixes).\n - packet: refine ring v3 block size test to hold one frame (git-fixes).\n - packet: reset network header if packet shorter than ll reserved space\n (git-fixes).\n - packets: Always register packet sk in the same order\n (networking-stable-19_03_28).\n - packet: validate msg_namelen in send directly (git-fixes).\n - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller\n (bsc#1051510).\n - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable\n (bsc#1051510).\n - PCI: Init PCIe feature bits for managed host bridge alloc (bsc#1111666).\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).\n - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).\n - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).\n - PCI: pciehp: Ignore Link State Changes after powering off a slot\n (bsc#1133005).\n - PCI: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016).\n - perf tools: Add Hygon Dhyana support ().\n - perf tools: Add Hygon Dhyana support (fate#327735).\n - perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223).\n - perf/x86/amd: Update generic hardware cache events for Family 17h\n (bsc#1134223).\n - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode\n (bsc#1051510).\n - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs\n (bsc#1051510).\n - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).\n - platform/x86: dell-rbtn: Add missing #include (bsc#1051510).\n - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).\n - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning"\n (bsc#1051510).\n - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).\n - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).\n - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls\n (bsc#1088804, git-fixes).\n - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).\n - powerpc/64s: Fix page table fragment refcount race vs speculative\n references (bsc#1131326, bsc#1108937).\n - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).\n - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).\n - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest\n (bsc#1061840).\n - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area\n callback (bsc#1131900).\n - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).\n - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).\n - powerpc/mm: Check secondary hash page table (bsc#1065729).\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186,\n fate#323286, git-fixes).\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186,\n git-fixes).\n - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area\n topdown search (bsc#1131900).\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186,\n fate#323286, git-fixes).\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186,\n git-fixes).\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186,\n fate#323286, git-fixes).\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186,\n git-fixes).\n - powerpc/numa: document topology_updates_enabled, disable by default\n (bsc#1133584).\n - powerpc/numa: improve control of topology updates (bsc#1133584).\n - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).\n - powerpc/perf: Remove l2 bus events from HW cache event array\n (bsc#1053043).\n - powerpc/powernv/cpuidle: Init all present cpus for deep states\n (bsc#1055121).\n - powerpc/powernv: Do not reprogram SLW image on every KVM guest\n entry/exit (bsc#1061840).\n - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).\n - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace\n addresses on demand (bsc#1061840).\n - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU\n tables (bsc#1061840).\n - powerpc/powernv: Make opal log only readable by root (bsc#1065729).\n - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).\n - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).\n - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038\n (bsc#1131587).\n - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros\n (bsc#1051510).\n - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).\n - proc/kcore: do not bounds check against address 0 (bsc#1051510).\n - proc: revalidate kernel thread inodes to root:root (bsc#1051510).\n - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).\n - pwm: Fix deadlock warning when removing PWM device (bsc#1051510).\n - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).\n - pwm: meson: Do not disable PWM when setting duty repeatedly\n (bsc#1051510).\n - pwm: meson: Use the spin-lock only to protect register modifications\n (bsc#1051510).\n - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971).\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).\n - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).\n - qmi_wwan: add Olicard 600 (bsc#1051510).\n - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).\n - raid10: It's wrong to add len to sector_nr in raid10 reshape twice\n (git-fixes).\n - RAS/CEC: Check the correct variable in the debugfs error handling\n (bsc#1085535).\n - ravb: Decrease TxFIFO depth of Q3 and Q2 to one\n (networking-stable-19_03_15).\n - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).\n - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).\n - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).\n - rdma/cxgb4: fix some info leaks (bsc#1127371).\n - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).\n - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).\n - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).\n - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530\n LTC#176717).\n - rds: fix refcount bug in rds_sock_addref (git-fixes).\n - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns\n delete (git-fixes).\n - Re-enable nouveau for PCI device 10de:1cbb (bsc#1133593).\n - Re-export snd_cards for kABI compatibility (bsc#1051510).\n - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB\n (bsc#1051510).\n - Revert "alsa: seq: Protect in-kernel ioctl calls with mutex"\n (bsc#1051510).\n - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe\n drivers" (bsc#1110946, bsc#1119843).\n - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe\n drivers" (bsc#1110946, bsc#1119843).\n - Revert "drm/sun4i: rgb: Change the pixel clock validation check\n (bnc#1113722)" The patch seems buggy, breaks the build for armv7hl/pae\n config.\n - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd"\n (bsc#1110946).\n - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd"\n (bsc#1110946, bsc#1119843).\n - Revert "tty: pty: Fix race condition between release_one_tty and\n pty_write" (bsc#1051510).\n - ring-buffer: Check if memory is available before allocation\n (bsc#1132531).\n - rt2x00: do not increment sequence number while re-transmitting\n (bsc#1051510).\n - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).\n - rxrpc: Do not release call mutex on error pointer (git-fixes).\n - rxrpc: Do not treat call aborts as conn aborts (git-fixes).\n - rxrpc: Fix client call queueing, waiting for channel\n (networking-stable-19_03_15).\n - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).\n - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket\n (git-fixes).\n - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).\n - s390/dasd: fix panic for failed online processing (bsc#1132589).\n - s390/pkey: move pckmo subfunction available checks away from module init\n (bsc#1128544).\n - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).\n - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()\n (bsc#1051510).\n - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).\n - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).\n - scripts/git_sort/git_sort.py: remove old SCSI git branches\n - scripts: override locale from environment when running recordmcount.pl\n (bsc#1134354).\n - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).\n - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature\n (bsc#1130579).\n - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).\n - scsi: smartpqi: add H3C controller IDs (bsc#1133547).\n - scsi: smartpqi: add h3c ssid (bsc#1133547).\n - scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547).\n - scsi: smartpqi: add ofa support (bsc#1133547).\n - scsi: smartpqi: Add retries for device reset (bsc#1133547).\n - scsi: smartpqi: add smp_utils support (bsc#1133547).\n - scsi: smartpqi: add spdx (bsc#1133547).\n - scsi: smartpqi: add support for huawei controllers (bsc#1133547).\n - scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547).\n - scsi: smartpqi: add sysfs attributes (bsc#1133547).\n - scsi: smartpqi: allow for larger raid maps (bsc#1133547).\n - scsi: smartpqi: bump driver version (bsc#1133547).\n - scsi: smartpqi: bump driver version (bsc#1133547).\n - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()\n (bsc#1133547).\n - scsi: smartpqi: check for null device pointers (bsc#1133547).\n - scsi: smartpqi: correct host serial num for ssa (bsc#1133547).\n - scsi: smartpqi: correct lun reset issues (bsc#1133547).\n - scsi: smartpqi: correct volume status (bsc#1133547).\n - scsi: smartpqi: do not offline disks for transient did no connect\n conditions (bsc#1133547).\n - scsi: smartpqi: enhance numa node detection (bsc#1133547).\n - scsi: smartpqi: fix build warnings (bsc#1133547).\n - scsi: smartpqi: fix disk name mount point (bsc#1133547).\n - scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547).\n - scsi: smartpqi: increase fw status register read timeout (bsc#1133547).\n - scsi: smartpqi: increase LUN reset timeout (bsc#1133547).\n - scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start\n (bsc#1133547).\n - scsi: smartpqi: refactor sending controller raid requests (bsc#1133547).\n - scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547).\n - scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547).\n - scsi: smartpqi: update copyright (bsc#1133547).\n - scsi: smartpqi: update driver version (bsc#1133547).\n - scsi: smartpqi: wake up drives after os resumes from suspend\n (bsc#1133547).\n - sctp: call gso_reset_checksum when computing checksum in\n sctp_gso_segment (networking-stable-19_02_24).\n - sctp: fix identification of new acks for SFR-CACC (git-fixes).\n - sctp: get sctphdr by offset in sctp_compute_cksum\n (networking-stable-19_03_28).\n - sctp: initialize _pad of sockaddr_in before copying to user memory\n (networking-stable-19_04_10).\n - sctp: only update outstanding_bytes for transmitted queue when doing\n prsctp_prune (git-fixes).\n - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).\n - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).\n - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).\n - serial: ar933x_uart: Fix build failure with disabled console\n (bsc#1051510).\n - serial: uartps: console_setup() can't be placed to init section\n (bsc#1051510).\n - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()\n (networking-stable-19_02_24).\n - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).\n - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).\n - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).\n - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).\n - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()\n (bsc#1051510).\n - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).\n - spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666).\n - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios\n (bsc#1051510).\n - spi: bcm2835aux: setup gpio-cs to output and correct level during setup\n (bsc#1051510).\n - spi: bcm2835aux: warn in dmesg that native cs is not really supported\n (bsc#1051510).\n - spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() (bsc#1111666).\n - spi: Micrel eth switch: declare missing of table (bsc#1051510).\n - spi: rspi: Fix sequencer reset during initialization (bsc#1051510).\n - spi: ST ST95HF NFC: declare missing of table (bsc#1051510).\n - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit\n (bsc#1051510).\n - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf\n (bsc#1051510).\n - staging: comedi: ni_usb6501: Fix use of uninitialized mutex\n (bsc#1051510).\n - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf\n (bsc#1051510).\n - staging: comedi: vmk80xx: Fix use of uninitialized semaphore\n (bsc#1051510).\n - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).\n - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc\n (bsc#1051510).\n - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).\n - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc\n (bsc#1111666).\n - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer\n dereference (bsc#1111666).\n - staging: vt6655: Fix interrupt race condition on device start up\n (bsc#1051510).\n - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).\n - stm class: Fix an endless loop in channel allocation (bsc#1051510).\n - stm class: Fix channel free in stm output free path (bsc#1051510).\n - stm class: Prevent division by zero (bsc#1051510).\n - sunrpc: fix 4 more call sites that were using stack memory with a\n scatterlist (git-fixes).\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base\n (bsc#1131574).\n - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).\n - svm: Fix AVIC DFR and LDR handling (bsc#1132558).\n - sysctl: handle overflow for file-max (bsc#1051510).\n - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).\n - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).\n - tcp: purge write queue in tcp_connect_init() (git-fixes).\n - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).\n - team: set slave to promisc if team is already in promisc mode\n (bsc#1051510).\n - testing: nvdimm: provide SZ_4G constant (bsc#1132982).\n - thermal: cpu_cooling: Actually trace CPU load in\n thermal_power_cpu_get_power (bsc#1051510).\n - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).\n - thermal/int340x_thermal: fix mode setting (bsc#1051510).\n - thunderx: eliminate extra calls to put_page() for pages held for\n recycling (networking-stable-19_03_28).\n - thunderx: enable page recycling for non-XDP case\n (networking-stable-19_03_28).\n - tipc: fix race condition causing hung sendto\n (networking-stable-19_03_07).\n - tools/cpupower: Add Hygon Dhyana support ().\n - tools/cpupower: Add Hygon Dhyana support (fate#327735).\n - tools lib traceevent: Fix missing equality check for strcmp\n (bsc#1129770).\n - tpm: Fix the type of the return value in calc_tpm2_event_size()\n (bsc#1082555).\n - tracing: Fix a memory leak by early error exit in trace_pid_write()\n (bsc#1133702).\n - tracing: Fix buffer_ref pipe ops (bsc#1133698).\n - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes\n into account (bsc#1132527).\n - tty: increase the default flip buffer limit to 2*640K (bsc#1051510).\n - tty: pty: Fix race condition between release_one_tty and pty_write\n (bsc#1051510).\n - tty: serial_core, add ->install (bnc#1129693).\n - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0\n (bsc#1051510).\n - tun: add a missing rcu_read_unlock() in error path\n (networking-stable-19_03_28).\n - tun: fix blocking read (networking-stable-19_03_07).\n - tun: properly test for IFF_UP (networking-stable-19_03_28).\n - tun: remove unnecessary memory barrier (networking-stable-19_03_07).\n - uas: fix alignment of scatter/gather segments (bsc#1129770).\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour\n (bsc#1135323).\n - Update config files. Debug kernel is not supported (bsc#1135492).\n - Update config files: disable CONFIG_IDE for ppc64le\n - usb: cdc-acm: fix unthrottle races (bsc#1051510).\n - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).\n - usb: core: Fix bug caused by duplicate interface PM usage counter\n (bsc#1051510).\n - usb: core: Fix unterminated string returned by usb_string()\n (bsc#1051510).\n - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).\n - usb: f_fs: Avoid crash due to out-of-scope stack ptr access\n (bsc#1051510).\n - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).\n - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).\n - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).\n - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).\n - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).\n - usb: serial: fix unthrottle races (bsc#1051510).\n - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).\n - usb: u132-hcd: fix resource leak (bsc#1051510).\n - usb: usb251xb: fix to avoid potential NULL pointer dereference\n (bsc#1051510).\n - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).\n - usb: w1 ds2490: Fix bug caused by improper use of altsetting array\n (bsc#1051510).\n - usb: yurex: Fix protection fault after device removal (bsc#1051510).\n - vfio/mdev: Avoid release parent reference during error path\n (bsc#1051510).\n - vfio/mdev: Fix aborting mdev child device removal if one fails\n (bsc#1051510).\n - vfio_pci: Enable memory accesses before calling pci_map_rom\n (bsc#1051510).\n - vfio/pci: use correct format characters (bsc#1051510).\n - vfs: allow dedupe of user owned read-only files (bsc#1133778,\n bsc#1132219).\n - vfs: avoid problematic remapping requests into partial EOF block\n (bsc#1133850, bsc#1132219).\n - vfs: dedupe: extract helper for a single dedup (bsc#1133769,\n bsc#1132219).\n - vfs: dedupe should return EPERM if permission is not granted\n (bsc#1133779, bsc#1132219).\n - vfs: exit early from zero length remap operations (bsc#1132411,\n bsc#1132219).\n - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772,\n bsc#1132219).\n - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).\n - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852,\n bsc#1132219).\n - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).\n - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774,\n bsc#1132219).\n - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from\n beyond EOF (bsc#1133780, bsc#1132219).\n - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).\n - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).\n - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).\n - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).\n - vrf: check accept_source_route on the original netdevice\n (networking-stable-19_04_10).\n - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).\n - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock\n (bsc#1051510).\n - vsock/virtio: Initialize core virtio vsock before registering the driver\n (bsc#1051510).\n - vsock/virtio: reset connected sockets on device removal (bsc#1051510).\n - vt: always call notifier with the console lock held (bsc#1051510).\n - vxlan: Do not call gro_cells_destroy() before device is unregistered\n (networking-stable-19_03_28).\n - vxlan: test dev->flags & IFF_UP before calling netif_rx()\n (networking-stable-19_02_20).\n - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies\n (bsc#1051510).\n - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure\n (bsc#1051510).\n - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).\n - x86/amd_nb: Check vendor in AMD-only functions (fate#327735).\n - x86/apic: Add Hygon Dhyana support (fate#327735).\n - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery\n (fate#327735).\n - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).\n - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().\n - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana\n (fate#327735).\n - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).\n - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).\n - x86/events: Add Hygon Dhyana support to PMU infrastructure\n (fate#327735).\n - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).\n - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init\n (bsc#1132572).\n - x86/mce: Add Hygon Dhyana support to the MCA infrastructure\n (fate#327735).\n - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank\n types (bsc#1128415).\n - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units\n (bsc#1128415).\n - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types\n (bsc#1128415).\n - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type\n (bsc#1128415).\n - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).\n - x86/mce: Do not disable MCA banks when offlining a CPU on AMD\n (fate#327735).\n - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).\n - x86/mce: Handle varying MCA bank counts (bsc#1128415).\n - x86/msr-index: Cleanup bit defines (bsc#1111331).\n - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).\n - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge\n (fate#327735).\n - x86/perf/amd: Remove need to check "running" bit in NMI handler\n (bsc#1131438).\n - x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438).\n - x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438).\n - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana\n (fate#327735).\n - x86/speculation/mds: Fix documentation typo (bsc#1135642).\n - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).\n - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).\n - x86/xen: Add Hygon Dhyana support to Xen (fate#327735).\n - xen-netback: do not populate the hash cache on XenBus disconnect\n (networking-stable-19_03_07).\n - xen-netback: fix occasional leak of grant ref mappings under memory\n pressure (networking-stable-19_03_07).\n - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).\n - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).\n - xfrm6: call kfree_skb when skb is toobig (git-fixes).\n - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos\n (git-fixes).\n - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).\n - xfrm: fix missing dst_release() after policy blocking lbcast and\n multicast (git-fixes).\n - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).\n - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).\n - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).\n - xfrm: reset crypto_done when iterating over multiple input xfrms\n (git-fixes).\n - xfrm: reset transport header back to network header after all input\n transforms ahave been applied (git-fixes).\n - xfrm: Return error on unknown encap_type in init_state (git-fixes).\n - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).\n - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).\n - xfs: add log item pinning error injection tag (bsc#1114427).\n - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).\n - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes\n (bsc#1132370, bsc#1132219).\n - xfs: buffer lru reference count error injection tag (bsc#1114427).\n - xfs: call xfs_qm_dqattach before performing reflink operations\n (bsc#1132368, bsc#1132219).\n - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).\n - xfs: check _btree_check_block value (bsc#1123663).\n - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413,\n bsc#1132219).\n - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).\n - xfs: create block pointer check functions (bsc#1123663).\n - xfs: create inode pointer verifiers (bsc#1114427).\n - xfs: detect and fix bad summary counts at mount (bsc#1114427).\n - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub\n (bsc#1114427).\n - xfs: export various function for the online scrubber (bsc#1123663).\n - xfs: expose errortag knobs via sysfs (bsc#1114427).\n - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405,\n bsc#1132219).\n - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407,\n bsc#1132219).\n - xfs: fix pagecache truncation prior to reflink (bsc#1132412,\n bsc#1132219).\n - xfs: fix reporting supported extra file attributes for statx()\n (bsc#1133529).\n - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).\n - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414,\n bsc#1132219).\n - xfs: force summary counter recalc at next mount (bsc#1114427).\n - xfs: hold xfs_buf locked between shortform->leaf conversion and the\n addition of an attribute (bsc#1133675).\n - xfs: kill meaningless variable 'zero' (bsc#1106011).\n - xfs: make errortag a per-mountpoint structure (bsc#1123663).\n - xfs: move error injection tags into their own file (bsc#1114427).\n - xfs: only grab shared inode locks for source file during reflink\n (bsc#1132372, bsc#1132219).\n - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).\n - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL\n (bsc#1106011).\n - xfs: refactor btree block header checking functions (bsc#1123663).\n - xfs: refactor btree pointer checks (bsc#1123663).\n - xfs: refactor clonerange preparation into a separate helper\n (bsc#1132402, bsc#1132219).\n - xfs: refactor unmount record write (bsc#1114427).\n - xfs: refactor xfs_trans_roll (bsc#1133667).\n - xfs: reflink find shared should take a transaction (bsc#1132226,\n bsc#1132219).\n - xfs: reflink should break pnfs leases before sharing blocks\n (bsc#1132369, bsc#1132219).\n - xfs: remove dest file's post-eof preallocations before reflinking\n (bsc#1132365, bsc#1132219).\n - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).\n - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).\n - xfs: remove xfs_zero_range (bsc#1106011).\n - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).\n - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).\n - xfs: replace log_badcrc_factor knob with error injection tag\n (bsc#1114427).\n - xfs: sanity-check the unused space before trying to use it (bsc#1123663).\n - xfs: update ctime and remove suid before cloning files (bsc#1132404,\n bsc#1132219).\n - xfs: zero posteof blocks when cloning above eof (bsc#1132403,\n bsc#1132219).\n\n", "edition": 1, "modified": "2019-05-31T12:16:53", "published": "2019-05-31T12:16:53", "id": "OPENSUSE-SU-2019:1479-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-02-02T13:15:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-11599", "CVE-2019-11477", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-3846", "CVE-2019-5489", "CVE-2019-10126", "CVE-2019-11479"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4465-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 17, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503\n CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479\n CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833\n CVE-2019-11884\nDebian Bug : 928989\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-3846, CVE-2019-10126\n\n huangwen reported multiple buffer overflows in the Marvell wifi\n (mwifiex) driver, which a local user could use to cause denial of\n service or the execution of arbitrary code.\n\nCVE-2019-5489\n\n Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari\n Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh\n discovered that local users could use the mincore() system call to\n obtain sensitive information from other processes that access the\n same memory-mapped file.\n\nCVE-2019-9500, CVE-2019-9503\n\n Hugues Anguelkov discovered a buffer overflow and missing access\n validation in the Broadcom FullMAC wifi driver (brcmfmac), which a\n attacker on the same wifi network could use to cause denial of\n service or the execution of arbitrary code.\n\nCVE-2019-11477\n\n Jonathan Looney reported that a specially crafted sequence of TCP\n selective acknowledgements (SACKs) allows a remotely triggerable\n kernel panic.\n\nCVE-2019-11478\n\n Jonathan Looney reported that a specially crafted sequence of TCP\n selective acknowledgements (SACKs) will fragment the TCP\n retransmission queue, allowing an attacker to cause excessive\n resource usage.\n\nCVE-2019-11479\n\n Jonathan Looney reported that an attacker could force the Linux\n kernel to segment its responses into multiple TCP segments, each of\n which contains only 8 bytes of data, drastically increasing the\n bandwidth required to deliver the same amount of data.\n\n This update introduces a new sysctl value to control the minimal MSS\n (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard-\n coded value of 48. We recommend raising this to 536 unless you know\n that your network requires a lower value.\n\nCVE-2019-11486\n\n Jann Horn of Google reported numerous race conditions in the\n Siemens R3964 line discipline. A local user could use these to\n cause unspecified security impact. This module has therefore been\n disabled.\n\nCVE-2019-11599\n\n Jann Horn of Google reported a race condition in the core dump\n implementation which could lead to a use-after-free. A local\n user could use this to read sensitive information, to cause a\n denial of service (memory corruption), or for privilege\n escalation.\n\nCVE-2019-11815\n\n It was discovered that a use-after-free in the Reliable Datagram\n Sockets protocol could result in denial of service and potentially\n privilege escalation. This protocol module (rds) is not auto-\n loaded on Debian systems, so this issue only affects systems where\n it is explicitly loaded.\n\nCVE-2019-11833\n\n It was discovered that the ext4 filesystem implementation writes\n uninitialised data from kernel memory to new extent blocks. A\n local user able to write to an ext4 filesystem and then read the\n filesystem image, for example using a removable drive, might be\n able to use this to obtain sensitive information.\n\nCVE-2019-11884\n\n It was discovered that the Bluetooth HIDP implementation did not\n ensure that new connection names were null-terminated. A local\n user with CAP_NET_ADMIN capability might be able to use this to\n obtain sensitive information from the kernel stack.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.168-1+deb9u3.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 17, "modified": "2019-06-17T18:00:48", "published": "2019-06-17T18:00:48", "id": "DEBIAN:DSA-4465-1:304F1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00111.html", "title": "[SECURITY] [DSA 4465-1] linux security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:03:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-11599", "CVE-2019-11477", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-3846", "CVE-2019-5489", "CVE-2019-10126", "CVE-2019-11479"], "description": "Package : linux-4.9\nVersion : 4.9.168-1+deb9u3~deb8u1\nCVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503 \n CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 \n CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 \n CVE-2019-11884\nDebian Bug : 928989\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-3846, CVE-2019-10126\n\n huangwen reported multiple buffer overflows in the Marvell wifi\n (mwifiex) driver, which a local user could use to cause denial of\n service or the execution of arbitrary code.\n\nCVE-2019-5489\n\n Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari\n Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh\n discovered that local users could use the mincore() system call to\n obtain sensitive information from other processes that access the\n same memory-mapped file.\n\nCVE-2019-9500, CVE-2019-9503\n\n Hugues Anguelkov discovered a buffer overflow and missing access\n validation in the Broadcom FullMAC wifi driver (brcmfmac), which a\n attacker on the same wifi network could use to cause denial of\n service or the execution of arbitrary code.\n\nCVE-2019-11477\n\n Jonathan Looney reported that a specially crafted sequence of TCP\n selective acknowledgements (SACKs) allows a remotely triggerable\n kernel panic.\n\nCVE-2019-11478\n\n Jonathan Looney reported that a specially crafted sequence of TCP\n selective acknowledgements (SACKs) will fragment the TCP\n retransmission queue, allowing an attacker to cause excessive\n resource usage.\n\nCVE-2019-11479\n\n Jonathan Looney reported that an attacker could force the Linux\n kernel to segment its responses into multiple TCP segments, each of\n which contains only 8 bytes of data, drastically increasing the\n bandwidth required to deliver the same amount of data.\n\n This update introduces a new sysctl value to control the minimal MSS\n (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard-\n coded value of 48. We recommend raising this to 536 unless you know\n that your network requires a lower value.\n\nCVE-2019-11486\n\n Jann Horn of Google reported numerous race conditions in the\n Siemens R3964 line discipline. A local user could use these to\n cause unspecified security impact. This module has therefore been\n disabled.\n\nCVE-2019-11599\n\n Jann Horn of Google reported a race condition in the core dump\n implementation which could lead to a use-after-free. A local\n user could use this to read sensitive information, to cause a\n denial of service (memory corruption), or for privilege\n escalation.\n\nCVE-2019-11815\n\n It was discovered that a use-after-free in the Reliable Datagram\n Sockets protocol could result in denial of service and potentially\n privilege escalation. This protocol module (rds) is not auto-\n loaded on Debian systems, so this issue only affects systems where\n it is explicitly loaded.\n\nCVE-2019-11833\n\n It was discovered that the ext4 filesystem implementation writes\n uninitialised data from kernel memory to new extent blocks. A\n local user able to write to an ext4 filesystem and then read the\n filesystem image, for example using a removable drive, might be\n able to use this to obtain sensitive information.\n\nCVE-2019-11884\n\n It was discovered that the Bluetooth HIDP implementation did not\n ensure that new connection names were null-terminated. A local\n user with CAP_NET_ADMIN capability might be able to use this to\n obtain sensitive information from the kernel stack.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.168-1+deb9u3~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 9, "modified": "2019-06-18T10:24:15", "published": "2019-06-18T10:24:15", "id": "DEBIAN:DLA-1824-1:6789E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00011.html", "title": "[SECURITY] [DLA 1824-1] linux-4.9 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}