DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562311220191522", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1522)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-02-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191522", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2019-1522", "https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1522"], "cvelist": ["CVE-2016-9604", "CVE-2016-9084", "CVE-2014-9728", "CVE-2015-1465", "CVE-2018-6927", "CVE-2014-8709", "CVE-2016-8636", "CVE-2016-3156", "CVE-2017-8924", "CVE-2018-1065", "CVE-2018-18281", "CVE-2017-18270", "CVE-2016-2067", "CVE-2016-9576", "CVE-2013-4387", "CVE-2016-1237", "CVE-2016-3138", "CVE-2014-3183", "CVE-2015-8816", "CVE-2018-12896"], "immutableFields": [], "lastseen": "2020-02-05T16:36:16", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2013-233", "ALAS-2016-694", "ALAS-2016-726", "ALAS-2016-772", "ALAS-2017-782", "ALAS-2017-786"]}, {"type": "android", "idList": ["ANDROID:CVE-2015-8816", "ANDROID:CVE-2016-2067"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-07-01", "ANDROID:2016-09-01", "ANDROID:2017-03-01", "ANDROID:2018-07-01"]}, {"type": "archlinux", "idList": ["ASA-201702-17", "ASA-201702-18"]}, {"type": "avleonov", "idList": ["AVLEONOV:B1FBE34AF90D9EFE8FB00EA97D833417"]}, {"type": "broadcom", "idList": ["BSA-2017-304"]}, {"type": "centos", "idList": ["CESA-2013:1645", "CESA-2015:0290", "CESA-2015:1272", "CESA-2016:2574", "CESA-2017:0386", "CESA-2017:0817", "CESA-2017:1842", "CESA-2018:1062", "CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "CFOUNDRY:357A3D675E310E16A6C343FB03145CD4", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:897C3471765453EA05465A73CDC16BBB", "CFOUNDRY:ACBE18A36EB39832526C9AA3F7A3E9CE", "CFOUNDRY:C3D94F66B833B0AB95D359CF97DF9AA9", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2013-4387", "CVE-2014-3183", "CVE-2014-8709", "CVE-2014-9728", "CVE-2015-1465", "CVE-2015-8816", "CVE-2016-10088", "CVE-2016-1237", "CVE-2016-2067", "CVE-2016-3138", "CVE-2016-3156", "CVE-2016-8636", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9604", "CVE-2017-18270", "CVE-2017-8924", "CVE-2018-1065", "CVE-2018-12896", "CVE-2018-18281", "CVE-2018-6927", "CVE-2020-14353"]}, {"type": "debian", "idList": ["DEBIAN:DLA-118-1:98410", "DEBIAN:DLA-118-1:A34E1", "DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-246-1:C824B", "DEBIAN:DLA-246-2:ABC0D", "DEBIAN:DLA-516-1:B66B7", "DEBIAN:DLA-772-1:EB721", "DEBIAN:DLA-922-1:854C7", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3503-1:23448", "DEBIAN:DSA-3503-1:9DDFA", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C", "DEBIAN:DSA-3886-1:89166", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170", "DEBIAN:DSA-4188-1:B3909", "DEBIAN:DSA-4188-1:E4177"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4387", "DEBIANCVE:CVE-2014-3183", "DEBIANCVE:CVE-2014-8709", "DEBIANCVE:CVE-2014-9728", "DEBIANCVE:CVE-2015-1465", "DEBIANCVE:CVE-2015-8816", "DEBIANCVE:CVE-2016-10088", "DEBIANCVE:CVE-2016-1237", "DEBIANCVE:CVE-2016-3138", "DEBIANCVE:CVE-2016-3156", "DEBIANCVE:CVE-2016-8636", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9576", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2017-18270", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2018-1065", "DEBIANCVE:CVE-2018-12896", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2018-6927"]}, {"type": "f5", "idList": ["F5:K05513373", "F5:K17447", "F5:K36462841", "F5:K37301725", "F5:K54610514", "SOL15908", "SOL15911", "SOL17124", "SOL17447"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:0960721640", "FEDORA:0DC87601457E", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:131186087E1C", "FEDORA:1317A20FE4", "FEDORA:13273218E5", "FEDORA:18E4222173", "FEDORA:1AE8521943", "FEDORA:1CAC0608E6F2", "FEDORA:1DA3D221C6", "FEDORA:1DB63211A2", "FEDORA:1EFAB60ACFB0", "FEDORA:2281662F1093", "FEDORA:23B6E225A0", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:2784A21C29", "FEDORA:280D922723", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:2BA602158D", "FEDORA:3060D60E9A21", "FEDORA:30991220A7", "FEDORA:30C5820E79", "FEDORA:3266960F0E44", "FEDORA:3D4286087E43", "FEDORA:3D786608E6C3", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4B62F60A865A", "FEDORA:4D5AD601FDAC", "FEDORA:4F34C605E513", "FEDORA:50E6E6087656", "FEDORA:547D9626ACA1", "FEDORA:56A5821917", "FEDORA:5D742610B071", "FEDORA:5D94521889", "FEDORA:621A2609A69C", "FEDORA:648496077DD1", "FEDORA:6A93C20D15", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:73C3960CDDB3", "FEDORA:74245604D4DA", "FEDORA:756F822091", "FEDORA:7640C641CB61", "FEDORA:7734E613B647", "FEDORA:82AC021598", "FEDORA:87BD56087904", "FEDORA:8BF45213A1", "FEDORA:8EFBC604949F", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:936A4223EA", "FEDORA:95A686085F81", "FEDORA:9D83A60EFF4F", "FEDORA:9E3D9606D195", "FEDORA:9FA6021249", "FEDORA:A06C76049D3D", "FEDORA:A9A0D60DF38A", "FEDORA:AAF2F60D7C3E", "FEDORA:AB52460321C9", "FEDORA:AC7FC600CFCA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B83986079D12", "FEDORA:B87B460876BA", "FEDORA:BA8EE21864", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BE101604CBF2", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:CC8F4606D16C", "FEDORA:D15E060F33C2", "FEDORA:D69CC24B48", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:D89B960F8CA9", "FEDORA:DA71D21D19", "FEDORA:DB49F219DE", "FEDORA:DF5176048167", "FEDORA:E37FD60924F1", "FEDORA:E6C59213CA", "FEDORA:E6F08605DCE7", "FEDORA:E878E60F237D", "FEDORA:E93AE6077DCD", "FEDORA:E99C02072E", "FEDORA:EBB026048D2E"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "ibm", "idList": ["091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "0E0A5A7B6700741752FA21EFE9AB43CC6637781C0541DB39566FEB4927470584", "1DD8AD31B2B7F723FCEA86A5AA6310F75AC2C26DE6A2D73D7EFE783E7CB3CB21", "289F46B747F4C8F26E8F8D17623E34EDE1DB7595184FCDCC87FEDCC356AC9965", "2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "75F4CE8201FAA026B444CA3308E12CA9B1FBD302D6BDA963D3635F7318CA3ADB", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "A18DD1594298170A7AF630CBFFA73E78138125D119FBC5D156128BBBD99A03EC", "A3ECA2FADF3E248DCF026E08D24250DA5644166428EA8CC2D77F20F0FD2FCE99", "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2013-0342", "MGASA-2013-0343", "MGASA-2013-0344", "MGASA-2013-0345", "MGASA-2013-0346", "MGASA-2013-0371", "MGASA-2013-0372", "MGASA-2013-0373", "MGASA-2013-0374", "MGASA-2013-0375", "MGASA-2015-0070", "MGASA-2015-0076", "MGASA-2015-0077", "MGASA-2015-0078", "MGASA-2016-0271", "MGASA-2016-0283", "MGASA-2016-0284", "MGASA-2016-0429", "MGASA-2017-0003", "MGASA-2017-0004", "MGASA-2017-0136", "MGASA-2017-0147", "MGASA-2017-0148", "MGASA-2018-0172", "MGASA-2018-0264", "MGASA-2018-0265", "MGASA-2018-0417", "MGASA-2018-0418", "MGASA-2018-0419"]}, {"type": "nessus", "idList": ["ALA_ALAS-2013-233.NASL", "ALA_ALAS-2016-694.NASL", "ALA_ALAS-2016-726.NASL", "ALA_ALAS-2016-772.NASL", "ALA_ALAS-2017-782.NASL", "ALA_ALAS-2017-786.NASL", "CENTOS_RHSA-2013-1645.NASL", "CENTOS_RHSA-2015-0290.NASL", "CENTOS_RHSA-2015-1272.NASL", "CENTOS_RHSA-2016-2574.NASL", "CENTOS_RHSA-2017-0386.NASL", "CENTOS_RHSA-2017-0817.NASL", "CENTOS_RHSA-2017-1842.NASL", "CENTOS_RHSA-2018-1062.NASL", "CENTOS_RHSA-2019-2029.NASL", "DEBIAN_DLA-118.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-246.NASL", "DEBIAN_DLA-516.NASL", "DEBIAN_DLA-772.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3503.NASL", "DEBIAN_DSA-3607.NASL", "DEBIAN_DSA-3886.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "EULEROS_SA-2017-1001.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2017-1159.NASL", "EULEROS_SA-2018-1054.NASL", "EULEROS_SA-2018-1133.NASL", "EULEROS_SA-2018-1246.NASL", "EULEROS_SA-2018-1280.NASL", "EULEROS_SA-2018-1297.NASL", "EULEROS_SA-2019-1062.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1108.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1244.NASL", "EULEROS_SA-2019-1253.NASL", "EULEROS_SA-2019-1475.NASL", "EULEROS_SA-2019-1483.NASL", "EULEROS_SA-2019-1485.NASL", "EULEROS_SA-2019-1489.NASL", "EULEROS_SA-2019-1492.NASL", "EULEROS_SA-2019-1496.NASL", "EULEROS_SA-2019-1502.NASL", "EULEROS_SA-2019-1504.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-1972.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2599.NASL", "F5_BIGIP_SOL05513373.NASL", "F5_BIGIP_SOL36462841.NASL", "F5_BIGIP_SOL54610514.NASL", "FEDORA_2013-18364.NASL", "FEDORA_2013-18820.NASL", "FEDORA_2013-18822.NASL", "FEDORA_2013-18867.NASL", "FEDORA_2015-1657.NASL", "FEDORA_2015-1672.NASL", "FEDORA_2016-02ED08BF15.NASL", "FEDORA_2016-107F03CC00.NASL", "FEDORA_2016-3A57B19360.NASL", "FEDORA_2016-5AFF4A6BBC.NASL", "FEDORA_2016-5CB5B4082D.NASL", "FEDORA_2016-73A733F4D9.NASL", "FEDORA_2016-7E602C0E5E.NASL", "FEDORA_2016-81FD1B03AA.NASL", "FEDORA_2016-96D276367E.NASL", "FEDORA_2016-9A16B2E14E.NASL", "FEDORA_2016-ED5110C4BB.NASL", "FEDORA_2016-EE3A114958.NASL", "FEDORA_2017-0AA0F69E0C.NASL", "FEDORA_2017-17D1C05236.NASL", "FEDORA_2018-2BCE10900E.NASL", "FEDORA_2018-50075276E8.NASL", "FEDORA_2018-8484550FFF.NASL", "MANDRIVA_MDVSA-2013-265.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2021-0008_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "OPENSUSE-2014-791.NASL", "OPENSUSE-2014-793.NASL", "OPENSUSE-2015-543.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-1076.NASL", "OPENSUSE-2016-1227.NASL", "OPENSUSE-2016-124.NASL", "OPENSUSE-2016-1426.NASL", "OPENSUSE-2016-1428.NASL", "OPENSUSE-2016-1438.NASL", "OPENSUSE-2016-1439.NASL", "OPENSUSE-2016-1454.NASL", "OPENSUSE-2016-518.NASL", "OPENSUSE-2016-629.NASL", "OPENSUSE-2016-862.NASL", "OPENSUSE-2017-246.NASL", "OPENSUSE-2018-1016.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2018-1427.NASL", "OPENSUSE-2018-1548.NASL", "OPENSUSE-2018-514.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2019-974.NASL", "ORACLELINUX_ELSA-2013-1645.NASL", "ORACLELINUX_ELSA-2013-2583.NASL", "ORACLELINUX_ELSA-2013-2584.NASL", "ORACLELINUX_ELSA-2015-0290.NASL", "ORACLELINUX_ELSA-2015-1272.NASL", "ORACLELINUX_ELSA-2015-3014.NASL", "ORACLELINUX_ELSA-2015-3015.NASL", "ORACLELINUX_ELSA-2016-2574.NASL", "ORACLELINUX_ELSA-2016-3596.NASL", "ORACLELINUX_ELSA-2017-0386.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3597.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLELINUX_ELSA-2017-3658.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLELINUX_ELSA-2018-1062.NASL", "ORACLELINUX_ELSA-2018-4114.NASL", "ORACLELINUX_ELSA-2018-4193.NASL", "ORACLELINUX_ELSA-2018-4242.NASL", "ORACLELINUX_ELSA-2018-4300.NASL", "ORACLELINUX_ELSA-2018-4301.NASL", "ORACLELINUX_ELSA-2019-4316.NASL", "ORACLELINUX_ELSA-2020-5706.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLEVM_OVMSA-2016-0100.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0223.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "REDHAT-RHSA-2013-1490.NASL", "REDHAT-RHSA-2013-1527.NASL", "REDHAT-RHSA-2013-1645.NASL", "REDHAT-RHSA-2014-0284.NASL", "REDHAT-RHSA-2015-0290.NASL", "REDHAT-RHSA-2015-1272.NASL", "REDHAT-RHSA-2016-2574.NASL", "REDHAT-RHSA-2016-2584.NASL", "REDHAT-RHSA-2017-0386.NASL", "REDHAT-RHSA-2017-0387.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2018-0412.NASL", "REDHAT-RHSA-2018-0654.NASL", "REDHAT-RHSA-2018-0676.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2020-0036.NASL", "REDHAT-RHSA-2020-0100.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0179.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20131121_KERNEL_ON_SL6_X.NASL", "SL_20150305_KERNEL_ON_SL7_X.NASL", "SL_20150722_KERNEL_ON_SL6_X.NASL", "SL_20161103_KERNEL_ON_SL7_X.NASL", "SL_20170302_KERNEL_ON_SL7_X.NASL", "SL_20170321_KERNEL_ON_SL6_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SUSE_11_KERNEL-141202.NASL", "SUSE_11_KERNEL-141217.NASL", "SUSE_SU-2014-0536-1.NASL", "SUSE_SU-2015-0481-1.NASL", "SUSE_SU-2015-0652-1.NASL", "SUSE_SU-2015-1071-1.NASL", "SUSE_SU-2015-1324-1.NASL", "SUSE_SU-2015-1611-1.NASL", "SUSE_SU-2015-1678-1.NASL", "SUSE_SU-2016-1019-1.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-1690-1.NASL", "SUSE_SU-2016-1696-1.NASL", "SUSE_SU-2016-1995-1.NASL", "SUSE_SU-2016-2001-1.NASL", "SUSE_SU-2016-2002-1.NASL", "SUSE_SU-2016-2005-1.NASL", "SUSE_SU-2016-2006-1.NASL", "SUSE_SU-2016-2010-1.NASL", "SUSE_SU-2016-2014-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-3146-1.NASL", "SUSE_SU-2016-3188-1.NASL", "SUSE_SU-2016-3203-1.NASL", "SUSE_SU-2016-3217-1.NASL", "SUSE_SU-2016-3248-1.NASL", "SUSE_SU-2016-3252-1.NASL", "SUSE_SU-2017-0181-1.NASL", "SUSE_SU-2017-0244-1.NASL", "SUSE_SU-2017-0245-1.NASL", "SUSE_SU-2017-0246-1.NASL", "SUSE_SU-2017-0247-1.NASL", "SUSE_SU-2017-0248-1.NASL", "SUSE_SU-2017-0249-1.NASL", "SUSE_SU-2017-0267-1.NASL", "SUSE_SU-2017-0268-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0437-1.NASL", "SUSE_SU-2017-0464-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-2389-1.NASL", "SUSE_SU-2017-2525-1.NASL", "SUSE_SU-2017-2908-1.NASL", "SUSE_SU-2017-2920-1.NASL", "SUSE_SU-2018-0834-1.NASL", "SUSE_SU-2018-0848-1.NASL", "SUSE_SU-2018-1080-1.NASL", "SUSE_SU-2018-1172-1.NASL", "SUSE_SU-2018-1366-1.NASL", "SUSE_SU-2018-1855-1.NASL", "SUSE_SU-2018-1855-2.NASL", "SUSE_SU-2018-2776-1.NASL", "SUSE_SU-2018-2858-1.NASL", "SUSE_SU-2018-2879-1.NASL", "SUSE_SU-2018-2908-1.NASL", "SUSE_SU-2018-2980-1.NASL", "SUSE_SU-2018-3083-1.NASL", "SUSE_SU-2018-3084-1.NASL", "SUSE_SU-2018-3618-1.NASL", "SUSE_SU-2018-3689-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2018-4069-1.NASL", "SUSE_SU-2019-0095-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2021-14630-1.NASL", "UBUNTU_USN-2019-1.NASL", "UBUNTU_USN-2021-1.NASL", "UBUNTU_USN-2038-1.NASL", "UBUNTU_USN-2041-1.NASL", "UBUNTU_USN-2045-1.NASL", "UBUNTU_USN-2049-1.NASL", "UBUNTU_USN-2233-1.NASL", "UBUNTU_USN-2234-1.NASL", "UBUNTU_USN-2441-1.NASL", "UBUNTU_USN-2442-1.NASL", "UBUNTU_USN-2545-1.NASL", "UBUNTU_USN-2546-1.NASL", "UBUNTU_USN-2562-1.NASL", "UBUNTU_USN-2563-1.NASL", "UBUNTU_USN-2965-1.NASL", "UBUNTU_USN-2965-2.NASL", "UBUNTU_USN-2965-3.NASL", "UBUNTU_USN-2965-4.NASL", "UBUNTU_USN-2968-1.NASL", "UBUNTU_USN-2968-2.NASL", "UBUNTU_USN-2969-1.NASL", "UBUNTU_USN-2970-1.NASL", "UBUNTU_USN-2971-1.NASL", "UBUNTU_USN-2971-2.NASL", "UBUNTU_USN-2971-3.NASL", "UBUNTU_USN-2996-1.NASL", "UBUNTU_USN-3053-1.NASL", "UBUNTU_USN-3070-1.NASL", "UBUNTU_USN-3070-2.NASL", "UBUNTU_USN-3070-3.NASL", "UBUNTU_USN-3070-4.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3359-1.NASL", "UBUNTU_USN-3360-1.NASL", "UBUNTU_USN-3361-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3654-1.NASL", "UBUNTU_USN-3654-2.NASL", "UBUNTU_USN-3656-1.NASL", "UBUNTU_USN-3697-1.NASL", "UBUNTU_USN-3697-2.NASL", "UBUNTU_USN-3698-1.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-3832-1.NASL", "UBUNTU_USN-3835-1.NASL", "UBUNTU_USN-3847-1.NASL", "UBUNTU_USN-3847-2.NASL", "UBUNTU_USN-3847-3.NASL", "UBUNTU_USN-3848-1.NASL", "UBUNTU_USN-3848-2.NASL", "UBUNTU_USN-3849-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3880-1.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2018-029.NASL", "VIRTUOZZO_VZLSA-2017-0386.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120191", "OPENVAS:1361412562310120683", "OPENVAS:1361412562310120715", "OPENVAS:1361412562310123058", "OPENVAS:1361412562310123159", "OPENVAS:1361412562310123160", "OPENVAS:1361412562310123167", "OPENVAS:1361412562310123510", "OPENVAS:1361412562310123512", "OPENVAS:1361412562310123528", "OPENVAS:1361412562310703503", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310703886", "OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310807730", "OPENVAS:1361412562310807733", "OPENVAS:1361412562310807779", "OPENVAS:1361412562310808556", "OPENVAS:1361412562310808716", "OPENVAS:1361412562310810159", "OPENVAS:1361412562310810170", "OPENVAS:1361412562310814563", "OPENVAS:1361412562310841626", "OPENVAS:1361412562310841627", "OPENVAS:1361412562310841629", "OPENVAS:1361412562310841640", "OPENVAS:1361412562310841643", "OPENVAS:1361412562310841645", "OPENVAS:1361412562310841647", "OPENVAS:1361412562310841655", "OPENVAS:1361412562310841656", "OPENVAS:1361412562310841847", "OPENVAS:1361412562310841852", "OPENVAS:1361412562310842140", "OPENVAS:1361412562310842141", "OPENVAS:1361412562310842160", "OPENVAS:1361412562310842161", "OPENVAS:1361412562310842734", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310842737", "OPENVAS:1361412562310842738", "OPENVAS:1361412562310842739", "OPENVAS:1361412562310842742", "OPENVAS:1361412562310842743", "OPENVAS:1361412562310842744", "OPENVAS:1361412562310842755", "OPENVAS:1361412562310842759", "OPENVAS:1361412562310842762", "OPENVAS:1361412562310842792", "OPENVAS:1361412562310842795", "OPENVAS:1361412562310842859", "OPENVAS:1361412562310842875", "OPENVAS:1361412562310842876", "OPENVAS:1361412562310842877", "OPENVAS:1361412562310842878", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843247", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843250", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843530", "OPENVAS:1361412562310843531", "OPENVAS:1361412562310843535", "OPENVAS:1361412562310843572", "OPENVAS:1361412562310843573", "OPENVAS:1361412562310843574", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310843840", "OPENVAS:1361412562310843841", "OPENVAS:1361412562310843856", "OPENVAS:1361412562310843857", "OPENVAS:1361412562310843858", "OPENVAS:1361412562310843859", "OPENVAS:1361412562310843860", "OPENVAS:1361412562310843861", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310850626", "OPENVAS:1361412562310850628", "OPENVAS:1361412562310850675", "OPENVAS:1361412562310850746", "OPENVAS:1361412562310850776", "OPENVAS:1361412562310850805", "OPENVAS:1361412562310850918", "OPENVAS:1361412562310850926", "OPENVAS:1361412562310850994", "OPENVAS:1361412562310851080", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851320", "OPENVAS:1361412562310851358", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851390", "OPENVAS:1361412562310851420", "OPENVAS:1361412562310851449", "OPENVAS:1361412562310851452", "OPENVAS:1361412562310851454", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851512", "OPENVAS:1361412562310851513", "OPENVAS:1361412562310851762", "OPENVAS:1361412562310851895", "OPENVAS:1361412562310852091", "OPENVAS:1361412562310852140", "OPENVAS:1361412562310852195", "OPENVAS:1361412562310866964", "OPENVAS:1361412562310866972", "OPENVAS:1361412562310867001", "OPENVAS:1361412562310867043", "OPENVAS:1361412562310867054", "OPENVAS:1361412562310867089", "OPENVAS:1361412562310867096", "OPENVAS:1361412562310867119", "OPENVAS:1361412562310867183", "OPENVAS:1361412562310867240", "OPENVAS:1361412562310867242", "OPENVAS:1361412562310867520", "OPENVAS:1361412562310867546", "OPENVAS:1361412562310867580", "OPENVAS:1361412562310867651", "OPENVAS:1361412562310867682", "OPENVAS:1361412562310867774", "OPENVAS:1361412562310867820", "OPENVAS:1361412562310867857", "OPENVAS:1361412562310867905", "OPENVAS:1361412562310868019", "OPENVAS:1361412562310868076", "OPENVAS:1361412562310868102", "OPENVAS:1361412562310868351", "OPENVAS:1361412562310868416", "OPENVAS:1361412562310868489", "OPENVAS:1361412562310868851", "OPENVAS:1361412562310868980", "OPENVAS:1361412562310868984", "OPENVAS:1361412562310871329", "OPENVAS:1361412562310871413", "OPENVAS:1361412562310871708", "OPENVAS:1361412562310871768", "OPENVAS:1361412562310871783", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310872131", "OPENVAS:1361412562310872137", "OPENVAS:1361412562310872147", "OPENVAS:1361412562310872634", "OPENVAS:1361412562310872640", "OPENVAS:1361412562310874196", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874801", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874886", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874908", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874965", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875005", "OPENVAS:1361412562310875066", "OPENVAS:1361412562310875092", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875131", "OPENVAS:1361412562310875162", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875189", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875303", "OPENVAS:1361412562310875330", "OPENVAS:1361412562310875334", "OPENVAS:1361412562310875349", "OPENVAS:1361412562310875369", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310882673", "OPENVAS:1361412562310890922", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562311220171001", "OPENVAS:1361412562311220171122", "OPENVAS:1361412562311220171123", "OPENVAS:1361412562311220171159", "OPENVAS:1361412562311220181054", "OPENVAS:1361412562311220181133", "OPENVAS:1361412562311220181246", "OPENVAS:1361412562311220181280", "OPENVAS:1361412562311220181297", "OPENVAS:1361412562311220191062", "OPENVAS:1361412562311220191076", "OPENVAS:1361412562311220191108", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191244", "OPENVAS:1361412562311220191253", "OPENVAS:1361412562311220191475", "OPENVAS:1361412562311220191483", "OPENVAS:1361412562311220191485", "OPENVAS:1361412562311220191489", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191492", "OPENVAS:1361412562311220191496", "OPENVAS:1361412562311220191502", "OPENVAS:1361412562311220191504", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191534", "OPENVAS:1361412562311220191972", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192599", "OPENVAS:703503", "OPENVAS:703607", "OPENVAS:703886", "OPENVAS:841626", "OPENVAS:841627", "OPENVAS:841629", "OPENVAS:841640", "OPENVAS:841643", "OPENVAS:841645", "OPENVAS:841647", "OPENVAS:841655", "OPENVAS:841656", "OPENVAS:866964", "OPENVAS:866972", "OPENVAS:867001", "OPENVAS:867043", "OPENVAS:867054", "OPENVAS:867089", "OPENVAS:867096", "OPENVAS:867119", "OPENVAS:867183", "OPENVAS:867240", "OPENVAS:867242", "OPENVAS:867520", "OPENVAS:867546", "OPENVAS:867580", "OPENVAS:867651", "OPENVAS:867682", "OPENVAS:867774"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1645", "ELSA-2013-2583", "ELSA-2013-2584", "ELSA-2015-0290", "ELSA-2015-1272", "ELSA-2015-3014", "ELSA-2015-3015", "ELSA-2016-2574", "ELSA-2016-3596", "ELSA-2017-0386", "ELSA-2017-0386-1", "ELSA-2017-0817", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-3514", "ELSA-2017-3590", "ELSA-2017-3597", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2018-1062", "ELSA-2018-4021", "ELSA-2018-4114", "ELSA-2018-4193", "ELSA-2018-4242", "ELSA-2018-4300", "ELSA-2018-4301", "ELSA-2019-2029", "ELSA-2019-4316", "ELSA-2020-5706", "ELSA-2020-5708", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2022-9852"]}, {"type": "osv", "idList": ["OSV:DLA-0015-1", "OSV:DLA-118-1", "OSV:DLA-1369-1", "OSV:DLA-1715-1", "OSV:DLA-1731-1", "OSV:DLA-246-1", "OSV:DLA-246-2", "OSV:DLA-516-1", "OSV:DLA-772-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3503-1", "OSV:DSA-3607-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2", "OSV:DSA-4187-1", "OSV:DSA-4188-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136138", "PACKETSTORM:150001"]}, {"type": "photon", "idList": ["PHSA-2017-0035", "PHSA-2017-0040", "PHSA-2017-0078", "PHSA-2018-0015", "PHSA-2018-0031", "PHSA-2018-0116", "PHSA-2018-0122", "PHSA-2018-1.0-0122", "PHSA-2019-0122", "PHSA-2019-0206", "PHSA-2019-1.0-0206"]}, {"type": "redhat", "idList": ["RHSA-2013:1490", "RHSA-2013:1527", "RHSA-2013:1645", "RHSA-2014:0284", "RHSA-2015:0290", "RHSA-2015:1272", "RHSA-2016:2574", "RHSA-2016:2584", "RHSA-2017:0386", "RHSA-2017:0387", "RHSA-2017:0817", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2669", "RHSA-2018:0412", "RHSA-2018:0654", "RHSA-2018:0676", "RHSA-2018:1062", "RHSA-2018:2948", "RHSA-2019:0831", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2020:0036", "RHSA-2020:0100", "RHSA-2020:0103", "RHSA-2020:0179"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-1237", "RH:CVE-2016-8636", "RH:CVE-2016-9576", "RH:CVE-2016-9604", "RH:CVE-2017-18270", "RH:CVE-2017-8924", "RH:CVE-2018-1065", "RH:CVE-2018-12896", "RH:CVE-2018-18281", "RH:CVE-2018-6927", "RH:CVE-2020-14353"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29995", "SECURITYVULNS:DOC:30048", "SECURITYVULNS:DOC:31502", "SECURITYVULNS:VULN:13400", "SECURITYVULNS:VULN:13438", "SECURITYVULNS:VULN:14146", "SECURITYVULNS:VULN:14292"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1669-1", "OPENSUSE-SU-2014:1677-1", "OPENSUSE-SU-2015:0566-1", "OPENSUSE-SU-2015:1382-1", "OPENSUSE-SU-2016:0301-1", "OPENSUSE-SU-2016:1382-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2290-1", "OPENSUSE-SU-2016:2625-1", "OPENSUSE-SU-2016:2649-1", "OPENSUSE-SU-2016:3050-1", "OPENSUSE-SU-2016:3058-1", "OPENSUSE-SU-2016:3085-1", "OPENSUSE-SU-2016:3086-1", "OPENSUSE-SU-2016:3118-1", "OPENSUSE-SU-2017:0458-1", "OPENSUSE-SU-2018:1418-1", "OPENSUSE-SU-2018:2738-1", "OPENSUSE-SU-2018:3071-1", "OPENSUSE-SU-2018:3817-1", "OPENSUSE-SU-2018:4133-1", "SUSE-SU-2014:0536-1", "SUSE-SU-2014:1693-1", "SUSE-SU-2014:1693-2", "SUSE-SU-2014:1695-1", "SUSE-SU-2014:1695-2", "SUSE-SU-2015:0481-1", "SUSE-SU-2015:0652-1", "SUSE-SU-2015:1071-1", "SUSE-SU-2015:1224-1", "SUSE-SU-2015:1324-1", "SUSE-SU-2015:1488-1", "SUSE-SU-2015:1489-1", "SUSE-SU-2015:1592-1", "SUSE-SU-2015:1611-1", "SUSE-SU-2016:1019-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1690-1", "SUSE-SU-2016:1696-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:1961-1", "SUSE-SU-2016:1994-1", "SUSE-SU-2016:1995-1", "SUSE-SU-2016:2001-1", "SUSE-SU-2016:2002-1", "SUSE-SU-2016:2005-1", "SUSE-SU-2016:2006-1", "SUSE-SU-2016:2007-1", "SUSE-SU-2016:2009-1", "SUSE-SU-2016:2010-1", "SUSE-SU-2016:2014-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:3146-1", "SUSE-SU-2016:3188-1", "SUSE-SU-2016:3203-1", "SUSE-SU-2016:3217-1", "SUSE-SU-2016:3248-1", "SUSE-SU-2016:3252-1", "SUSE-SU-2017:0181-1", "SUSE-SU-2017:0226-1", "SUSE-SU-2017:0227-1", "SUSE-SU-2017:0228-1", "SUSE-SU-2017:0229-1", "SUSE-SU-2017:0230-1", "SUSE-SU-2017:0231-1", "SUSE-SU-2017:0232-1", "SUSE-SU-2017:0233-1", "SUSE-SU-2017:0234-1", "SUSE-SU-2017:0235-1", "SUSE-SU-2017:0244-1", "SUSE-SU-2017:0245-1", "SUSE-SU-2017:0246-1", "SUSE-SU-2017:0247-1", "SUSE-SU-2017:0248-1", "SUSE-SU-2017:0249-1", "SUSE-SU-2017:0267-1", "SUSE-SU-2017:0268-1", "SUSE-SU-2017:0278-1", "SUSE-SU-2017:0293-1", "SUSE-SU-2017:0294-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1853-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2525-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2018:0834-1", "SUSE-SU-2018:0848-1", "SUSE-SU-2018:1080-1", "SUSE-SU-2018:1172-1"]}, {"type": "threatpost", "idList": ["THREATPOST:54145B143BF11C716167531924DBD4F1"]}, {"type": "ubuntu", "idList": ["USN-2019-1", "USN-2021-1", "USN-2022-1", "USN-2024-1", "USN-2038-1", "USN-2039-1", "USN-2041-1", "USN-2045-1", "USN-2049-1", "USN-2050-1", "USN-2175-1", "USN-2177-1", "USN-2221-1", "USN-2227-1", "USN-2233-1", "USN-2234-1", "USN-2441-1", "USN-2442-1", "USN-2517-1", "USN-2518-1", "USN-2541-1", "USN-2542-1", "USN-2543-1", "USN-2544-1", "USN-2545-1", "USN-2546-1", "USN-2562-1", "USN-2563-1", "USN-2965-1", "USN-2965-2", "USN-2965-3", "USN-2965-4", "USN-2968-1", "USN-2968-2", "USN-2969-1", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-2996-1", "USN-2997-1", "USN-3053-1", "USN-3070-1", "USN-3070-2", "USN-3070-3", "USN-3070-4", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3361-1", "USN-3422-1", "USN-3422-2", "USN-3619-1", "USN-3619-2", "USN-3654-1", "USN-3654-2", "USN-3656-1", "USN-3697-1", "USN-3697-2", "USN-3698-1", "USN-3698-2", "USN-3754-1", "USN-3832-1", "USN-3835-1", "USN-3847-1", "USN-3847-2", "USN-3847-3", "USN-3848-1", "USN-3848-2", "USN-3849-1", "USN-3849-2", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3880-1", "USN-3880-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4387", "UB:CVE-2014-3183", "UB:CVE-2014-8709", "UB:CVE-2014-9728", "UB:CVE-2015-1465", "UB:CVE-2015-8816", "UB:CVE-2016-10088", "UB:CVE-2016-1237", "UB:CVE-2016-2067", "UB:CVE-2016-3138", "UB:CVE-2016-3156", "UB:CVE-2016-8636", "UB:CVE-2016-9084", "UB:CVE-2016-9576", "UB:CVE-2016-9604", "UB:CVE-2017-18270", "UB:CVE-2017-8924", "UB:CVE-2018-1065", "UB:CVE-2018-12896", "UB:CVE-2018-18281", "UB:CVE-2018-6927"]}, {"type": "veracode", "idList": ["VERACODE:21053"]}, {"type": "virtuozzo", "idList": ["VZA-2017-024", "VZA-2017-025", "VZA-2018-028", "VZA-2018-029"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-782", "ALAS-2017-786"]}, {"type": "android", "idList": ["ANDROID:CVE-2015-8816"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-01-01"]}, {"type": "archlinux", "idList": ["ASA-201702-17"]}, {"type": "broadcom", "idList": ["BSA-2017-304"]}, {"type": "centos", "idList": ["CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:ACBE18A36EB39832526C9AA3F7A3E9CE", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2013-4387", "CVE-2016-1237", "CVE-2016-2067", "CVE-2016-3156", "CVE-2016-9576", "CVE-2018-18281"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4188-1:E4177"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4387", "DEBIANCVE:CVE-2014-3183", "DEBIANCVE:CVE-2014-8709", "DEBIANCVE:CVE-2014-9728", "DEBIANCVE:CVE-2015-1465", "DEBIANCVE:CVE-2015-8816", "DEBIANCVE:CVE-2016-1237", "DEBIANCVE:CVE-2016-3138", "DEBIANCVE:CVE-2016-3156", "DEBIANCVE:CVE-2016-8636", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9576", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2017-18270", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2018-1065", "DEBIANCVE:CVE-2018-12896", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2018-6927"]}, {"type": "f5", "idList": ["F5:K05513373", "F5:K54610514"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:0DC87601457E", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:1EFAB60ACFB0", "FEDORA:2281662F1093", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:3266960F0E44", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4D5AD601FDAC", "FEDORA:50E6E6087656", "FEDORA:5D742610B071", "FEDORA:621A2609A69C", "FEDORA:648496077DD1", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:73C3960CDDB3", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:7734E613B647", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:95A686085F81", "FEDORA:9D83A60EFF4F", "FEDORA:9E3D9606D195", "FEDORA:AAF2F60D7C3E", "FEDORA:AB52460321C9", "FEDORA:AC7FC600CFCA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B83986079D12", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BE101604CBF2", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7", "FEDORA:E878E60F237D", "FEDORA:E93AE6077DCD", "FEDORA:EBB026048D2E"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "ibm", "idList": ["4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2016-9604/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-782.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2018-1297.NASL", "FEDORA_2016-107F03CC00.NASL", "FEDORA_2016-5AFF4A6BBC.NASL", "FEDORA_2016-5CB5B4082D.NASL", "FEDORA_2016-73A733F4D9.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "OPENSUSE-2014-793.NASL", "OPENSUSE-2016-1438.NASL", "OPENSUSE-2016-1439.NASL", "OPENSUSE-2016-1454.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2019-974.NASL", "ORACLELINUX_ELSA-2017-3597.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2018-4242.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2016-3146-1.NASL", "SUSE_SU-2016-3188-1.NASL", "SUSE_SU-2016-3203-1.NASL", "SUSE_SU-2016-3217-1.NASL", "SUSE_SU-2016-3248-1.NASL", "SUSE_SU-2016-3252-1.NASL", "SUSE_SU-2017-0244-1.NASL", "SUSE_SU-2017-0245-1.NASL", "SUSE_SU-2017-0246-1.NASL", "SUSE_SU-2017-0247-1.NASL", "SUSE_SU-2017-0248-1.NASL", "SUSE_SU-2017-0249-1.NASL", "SUSE_SU-2017-0267-1.NASL", "SUSE_SU-2017-0268-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2018-2858-1.NASL", "SUSE_SU-2018-2879-1.NASL", "SUSE_SU-2018-2908-1.NASL", "SUSE_SU-2018-3083-1.NASL", "SUSE_SU-2018-3084-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3880-1.NASL", "VIRTUOZZO_VZA-2018-029.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310842755", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310851452", "OPENVAS:1361412562310851454", "OPENVAS:1361412562310852091", "OPENVAS:1361412562310872131", "OPENVAS:1361412562310872137", "OPENVAS:1361412562310872147", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310891369"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2018-4242"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150001"]}, {"type": "photon", "idList": ["PHSA-2017-0035", "PHSA-2017-0040", "PHSA-2018-1.0-0122", "PHSA-2019-1.0-0206"]}, {"type": "redhat", "idList": ["RHSA-2014:0284", "RHSA-2020:0103"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-8636", "RH:CVE-2016-9576", "RH:CVE-2016-9604", "RH:CVE-2017-8924", "RH:CVE-2018-12896", "RH:CVE-2018-6927", "RH:CVE-2020-14353"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30048", "SECURITYVULNS:VULN:14146"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3085-1", "OPENSUSE-SU-2016:3086-1", "OPENSUSE-SU-2016:3118-1", "OPENSUSE-SU-2018:3071-1", "SUSE-SU-2016:3146-1", "SUSE-SU-2016:3188-1", "SUSE-SU-2016:3203-1", "SUSE-SU-2016:3217-1", "SUSE-SU-2016:3248-1", "SUSE-SU-2016:3252-1", "SUSE-SU-2017:0226-1", "SUSE-SU-2017:0227-1", "SUSE-SU-2017:0228-1", "SUSE-SU-2017:0229-1", "SUSE-SU-2017:0230-1", "SUSE-SU-2017:0231-1", "SUSE-SU-2017:0232-1", "SUSE-SU-2017:0233-1", "SUSE-SU-2017:0234-1", "SUSE-SU-2017:0235-1", "SUSE-SU-2017:0244-1", "SUSE-SU-2017:0245-1", "SUSE-SU-2017:0246-1", "SUSE-SU-2017:0247-1", "SUSE-SU-2017:0248-1", "SUSE-SU-2017:0249-1", "SUSE-SU-2017:0267-1", "SUSE-SU-2017:0268-1", "SUSE-SU-2017:0278-1", "SUSE-SU-2017:0293-1", "SUSE-SU-2017:0294-1"]}, {"type": "threatpost", "idList": ["THREATPOST:54145B143BF11C716167531924DBD4F1"]}, {"type": "ubuntu", "idList": ["USN-2543-1", "USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-3314-1", "USN-3422-1", "USN-3619-2", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3880-1", "USN-3880-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18270", "UB:CVE-2018-1065", "UB:CVE-2018-12896", "UB:CVE-2018-18281", "UB:CVE-2018-6927"]}, {"type": "virtuozzo", "idList": ["VZA-2018-028", "VZA-2018-029"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-9604", "epss": "0.000490000", "percentile": "0.153250000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9084", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2014-9728", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1465", "epss": "0.094350000", "percentile": "0.937220000", "modified": "2023-03-15"}, {"cve": "CVE-2018-6927", "epss": "0.000640000", "percentile": "0.261620000", "modified": "2023-03-15"}, {"cve": "CVE-2014-8709", "epss": "0.020500000", "percentile": "0.872070000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8636", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-3156", "epss": "0.000640000", "percentile": "0.261620000", "modified": "2023-03-15"}, {"cve": "CVE-2017-8924", "epss": "0.000640000", "percentile": "0.259690000", "modified": "2023-03-15"}, {"cve": "CVE-2018-1065", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2018-18281", "epss": "0.000930000", "percentile": "0.381170000", "modified": "2023-03-15"}, {"cve": "CVE-2017-18270", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2067", "epss": "0.001000000", "percentile": "0.397210000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9576", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2013-4387", "epss": "0.040890000", "percentile": "0.907830000", "modified": "2023-03-15"}, {"cve": "CVE-2016-1237", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-3138", "epss": "0.002510000", "percentile": "0.612300000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3183", "epss": "0.000800000", "percentile": "0.326210000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8816", "epss": "0.002420000", "percentile": "0.604040000", "modified": "2023-03-15"}, {"cve": "CVE-2018-12896", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1678957314, "score": 1683999172, "epss": 1678957426}, "_internal": {"score_hash": "ee267373230198dce59395e9236d3048"}, "pluginID": "1361412562311220191522", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1522\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4387\", \"CVE-2014-3183\", \"CVE-2014-8709\", \"CVE-2014-9728\", \"CVE-2015-1465\", \"CVE-2015-8816\", \"CVE-2016-1237\", \"CVE-2016-2067\", \"CVE-2016-3138\", \"CVE-2016-3156\", \"CVE-2016-8636\", \"CVE-2016-9084\", \"CVE-2016-9576\", \"CVE-2016-9604\", \"CVE-2017-18270\", \"CVE-2017-8924\", \"CVE-2018-1065\", \"CVE-2018-12896\", \"CVE-2018-18281\", \"CVE-2018-6927\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:03:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1522)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1522\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1522\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1522 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.(CVE-2016-2067)\n\nInteger overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology.(CVE-2016-8636)\n\nHeap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.(CVE-2014-3183)\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927)\n\nThe hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)\n\nIt was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576)\n\nA security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps 'rtnl_lock' spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections.The problem is especially important for containers, as the container owner has enough permissions to trigger this ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Huawei EulerOS Local Security Checks"}

{"nessus": [{"lastseen": "2021-08-19T12:22:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.(CVE-2016-2067i1/4%0\n\n - Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology.(CVE-2016-8636i1/4%0\n\n - Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.(CVE-2014-3183i1/4%0\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927i1/4%0\n\n - The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816i1/4%0\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576i1/4%0\n\n - A security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps 'rtnl_lock' spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections.The problem is especially important for containers, as the container owner has enough permissions to trigger this and block a network access on a whole host, outside the container.(CVE-2016-3156i1/4%0\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.(CVE-2017-8924i1/4%0\n\n - The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.(CVE-2015-1465i1/4%0\n\n - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9728i1/4%0\n\n - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.(CVE-2013-4387i1/4%0\n\n - It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL.(CVE-2016-1237i1/4%0\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270i1/4%0\n\n - An issue was discovered in the Linux kernel where an integer overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random.(CVE-2018-12896i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.(CVE-2018-18281i1/4%0\n\n - The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.(CVE-2018-1065i1/4%0\n\n - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.(CVE-2016-9084i1/4%0\n\n - The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138i1/4%0\n\n - It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604i1/4%0\n\n - An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext.(CVE-2014-8709i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387", "CVE-2014-3183", "CVE-2014-8709", "CVE-2014-9728", "CVE-2015-1465", "CVE-2015-8816", "CVE-2016-1237", "CVE-2016-2067", "CVE-2016-3138", "CVE-2016-3156", "CVE-2016-8636", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9604", "CVE-2017-18270", "CVE-2017-8924", "CVE-2018-1065", "CVE-2018-12896", "CVE-2018-18281", "CVE-2018-6927"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1522.NASL", "href": "https://www.tenable.com/plugins/nessus/124975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124975);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4387\",\n \"CVE-2014-3183\",\n \"CVE-2014-8709\",\n \"CVE-2014-9728\",\n \"CVE-2015-1465\",\n \"CVE-2015-8816\",\n \"CVE-2016-1237\",\n \"CVE-2016-2067\",\n \"CVE-2016-3138\",\n \"CVE-2016-3156\",\n \"CVE-2016-8636\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\",\n \"CVE-2016-9604\",\n \"CVE-2017-18270\",\n \"CVE-2017-8924\",\n \"CVE-2018-1065\",\n \"CVE-2018-12896\",\n \"CVE-2018-18281\",\n \"CVE-2018-6927\"\n );\n script_bugtraq_id(\n 62696,\n 69766,\n 70965,\n 72435,\n 74964\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka\n GPU driver) for the Linux kernel 3.x, as used in\n Qualcomm Innovation Center (QuIC) Android contributions\n for MSM devices and other products, mishandles the\n KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers\n to gain privileges by leveraging accidental read-write\n mappings, aka Qualcomm internal bug\n CR988993.(CVE-2016-2067i1/4%0\n\n - Integer overflow in the mem_check_range function in\n drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel\n before 4.9.10 allows local users to cause a denial of\n service (memory corruption), obtain sensitive\n information from kernel memory, or possibly have\n unspecified other impact via a write or read request\n involving the 'RDMA protocol over infiniband' (aka Soft\n RoCE) technology.(CVE-2016-8636i1/4%0\n\n - Heap-based buffer overflow in the\n logi_dj_ll_raw_request function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel\n before 3.16.2 allows physically proximate attackers to\n cause a denial of service (system crash) or possibly\n execute arbitrary code via a crafted device that\n specifies a large report size for an LED\n report.(CVE-2014-3183i1/4%0\n\n - The futex_requeue function in kernel/futex.c in the\n Linux kernel, before 4.14.15, might allow attackers to\n cause a denial of service (integer overflow) or\n possibly have unspecified other impacts by triggering a\n negative wake or requeue value. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is\n unlikely.(CVE-2018-6927i1/4%0\n\n - The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel before 4.3.5 does not properly\n maintain a hub-interface data structure, which allows\n physically proximate attackers to cause a denial of\n service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device.(CVE-2015-8816i1/4%0\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.(CVE-2016-9576i1/4%0\n\n - A security flaw was found in the Linux kernel's\n networking subsystem that destroying the network\n interface with huge number of ipv4 addresses assigned\n keeps 'rtnl_lock' spinlock for a very long time (up to\n hour). This blocks many network-related operations,\n including creation of new incoming ssh connections.The\n problem is especially important for containers, as the\n container owner has enough permissions to trigger this\n and block a network access on a whole host, outside the\n container.(CVE-2016-3156i1/4%0\n\n - The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allows\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer\n underflow.(CVE-2017-8924i1/4%0\n\n - The IPv4 implementation in the Linux kernel before\n 3.18.8 does not properly consider the length of the\n Read-Copy Update (RCU) grace period for redirecting\n lookups in the absence of caching, which allows remote\n attackers to cause a denial of service (memory\n consumption or system crash) via a flood of\n packets.(CVE-2015-1465i1/4%0\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9728i1/4%0\n\n - net/ipv6/ip6_output.c in the Linux kernel through\n 3.11.4 does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet.(CVE-2013-4387i1/4%0\n\n - It was found that nfsd is missing permissions check\n when setting ACL on files, this may allow a local users\n to gain access to any file by setting a crafted\n ACL.(CVE-2016-1237i1/4%0\n\n - In the Linux kernel before 4.13.5, a local user could\n create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of\n service.(CVE-2017-18270i1/4%0\n\n - An issue was discovered in the Linux kernel where an\n integer overflow in kernel/time/posix-timers.c in the\n POSIX timer code is caused by the way the overrun\n accounting works. Depending on interval and expiry time\n values, the overrun can be larger than INT_MAX, but the\n accounting is int based. This basically makes the\n accounting values, which are visible to user space via\n timer_getoverrun(2) and siginfo::si_overrun,\n random.(CVE-2018-12896i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19.(CVE-2018-18281i1/4%0\n\n - The netfilter subsystem in the Linux kernel through\n 4.15.7 mishandles the case of a rule blob that contains\n a jump but lacks a user-defined chain, which allows\n local users to cause a denial of service (NULL pointer\n dereference) by leveraging the CAP_NET_RAW or\n CAP_NET_ADMIN capability, related to arpt_do_table in\n net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c.(CVE-2018-1065i1/4%0\n\n - The use of a kzalloc with an integer multiplication\n allowed an integer overflow condition to be reached in\n vfio_pci_intrs.c. This combined with CVE-2016-9083 may\n allow an attacker to craft an attack and use\n unallocated memory, potentially crashing the\n machine.(CVE-2016-9084i1/4%0\n\n - The acm_probe function in drivers/usb/class/cdc-acm.c\n in the Linux kernel before 4.5.1 allows physically\n proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a USB device\n without both a control and a data endpoint\n descriptor.(CVE-2016-3138i1/4%0\n\n - It was discovered that root can gain direct access to\n an internal keyring, such as '.dns_resolver' in RHEL-7\n or '.builtin_trusted_keys' upstream, by joining it as\n its session keyring. This allows root to bypass module\n signature verification by adding a new public key of\n its own devising to the keyring.(CVE-2016-9604i1/4%0\n\n - An information leak flaw was found in the Linux\n kernel's IEEE 802.11 wireless networking\n implementation. When software encryption was used, a\n remote attacker could use this flaw to leak up to 8\n bytes of plaintext.(CVE-2014-8709i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d7a6c1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:30:41", "description": "The openSUSE 14.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\nThe following non-security bugs were fixed :\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n\n - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).\n\n - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120).\n\n - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120).\n\n - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120).\n\n - drm/i915: Enable polling when we do not have hpd (bsc#1014120).\n\n - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913).\n\n - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913).\n\n - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913).\n\n - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913).\n\n - i2c: designware: retry transfer on transient failure (bsc#1011913).\n\n - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020).\n\n - sched/fair: Fix incorrect task group ->load_avg (bsc#981825).\n\n - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).\n\n - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606).\n\n - x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827).", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/95744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1438.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95744);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1438)\");\n script_summary(english:\"Check for the openSUSE-2016-1438 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 14.2 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\nThe following non-security bugs were fixed :\n\n - 8250_pci: Fix potential use-after-free in error path\n (bsc#1013001).\n\n - block_dev: do not test bdev->bd_contains when it is not\n stable (bsc#1008557).\n\n - drm/i915/vlv: Disable HPD in\n valleyview_crt_detect_hotplug() (bsc#1014120).\n\n - drm/i915/vlv: Make intel_crt_reset() per-encoder\n (bsc#1014120).\n\n - drm/i915/vlv: Reset the ADPA in\n vlv_display_power_well_init() (bsc#1014120).\n\n - drm/i915: Enable polling when we do not have hpd\n (bsc#1014120).\n\n - i2c: designware-baytrail: Add support for cherrytrail\n (bsc#1011913).\n\n - i2c: designware-baytrail: Pass dw_i2c_dev into helper\n functions (bsc#1011913).\n\n - i2c: designware: Prevent runtime suspend during adapter\n registration (bsc#1011913).\n\n - i2c: designware: Use transfer timeout from ioctl\n I2C_TIMEOUT (bsc#1011913).\n\n - i2c: designware: retry transfer on transient failure\n (bsc#1011913).\n\n - powerpc/xmon: Add xmon command to dump process/task\n similar to ps(1) (fate#322020).\n\n - sched/fair: Fix incorrect task group ->load_avg\n (bsc#981825).\n\n - serial: 8250_pci: Detach low-level driver during PCI\n error recovery (bsc#1013001).\n\n - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY\n state (bsc#1003606).\n\n - x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs\n (bsc#1006827).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.36-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.36-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.36-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:11", "description": "The openSUSE Leap 42.1 kernel has been updated to fix a security issue :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the openSUSE Leap 42.1 kernel. (openSUSE-2016-1439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1439.NASL", "href": "https://www.tenable.com/plugins/nessus/95745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1439.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95745);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\");\n\n script_name(english:\"openSUSE Security Update : the openSUSE Leap 42.1 kernel. (openSUSE-2016-1439)\");\n script_summary(english:\"Check for the openSUSE-2016-1439 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel has been updated to fix a security \nissue :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the openSUSE Leap 42.1 kernel. packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.36-41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.36-41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.36-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.36-41.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:56", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. (CVE-2016-9576)\n\nImpact\n\nThis vulnerability may allow locally authenticated users to read or write to arbitrary kernel memory locations or cause a denial of service (DoS).\n\nNote : The exploit requires local shell access and can provide a user with root access to the system. On BIG-IP systems, shell access includes root privileges, making this exploit unnecessary.", "cvss3": {}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K05513373)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576"], "modified": "2019-07-17T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL05513373.NASL", "href": "https://www.tenable.com/plugins/nessus/104366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K05513373.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104366);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/07/17 16:36:41\");\n\n script_cve_id(\"CVE-2016-9576\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K05513373)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The blk_rq_map_user_iov function in block/blk-map.c in the Linux\nkernel before 4.8.14 does not properly restrict the type of iterator,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device. (CVE-2016-9576)\n\nImpact\n\nThis vulnerability may allow locally authenticated users to read or\nwrite to arbitrary kernel memory locations or cause a denial of\nservice (DoS).\n\nNote : The exploit requires local shell access and can provide a user\nwith root access to the system. On BIG-IP systems, shell access\nincludes root privileges, making this exploit unnecessary.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K05513373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K05513373.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K05513373\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:23", "description": "The 3.10.14 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-10-10T00:00:00", "type": "nessus", "title": "Fedora 18 : kernel-3.10.14-100.fc18 (2013-18364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-18364.NASL", "href": "https://www.tenable.com/plugins/nessus/70362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18364.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70362);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4387\");\n script_bugtraq_id(62696);\n script_xref(name:\"FEDORA\", value:\"2013-18364\");\n\n script_name(english:\"Fedora 18 : kernel-3.10.14-100.fc18 (2013-18364)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.10.14 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/118501.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c709ee0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.10.14-100.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:05", "description": "The 3.11.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-10-15T00:00:00", "type": "nessus", "title": "Fedora 20 : kernel-3.11.4-301.fc20 (2013-18867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-18867.NASL", "href": "https://www.tenable.com/plugins/nessus/70436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18867.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70436);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4387\");\n script_bugtraq_id(62696);\n script_xref(name:\"FEDORA\", value:\"2013-18867\");\n\n script_name(english:\"Fedora 20 : kernel-3.11.4-301.fc20 (2013-18867)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.11.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/118994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f438d31b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.11.4-301.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:24", "description": "The 3.11.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-10-15T00:00:00", "type": "nessus", "title": "Fedora 19 : kernel-3.11.4-201.fc19 (2013-18820)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-18820.NASL", "href": "https://www.tenable.com/plugins/nessus/70434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18820.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70434);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4387\");\n script_bugtraq_id(62696);\n script_xref(name:\"FEDORA\", value:\"2013-18820\");\n\n script_name(english:\"Fedora 19 : kernel-3.11.4-201.fc19 (2013-18820)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.11.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119062.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa48db0d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d19accd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.11.4-201.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:06", "description": "The 3.11.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-10-20T00:00:00", "type": "nessus", "title": "Fedora 18 : kernel-3.11.4-101.fc18 (2013-18822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-18822.NASL", "href": "https://www.tenable.com/plugins/nessus/70512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18822.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70512);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4387\");\n script_bugtraq_id(62696);\n script_xref(name:\"FEDORA\", value:\"2013-18822\");\n\n script_name(english:\"Fedora 18 : kernel-3.11.4-101.fc18 (2013-18822)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.11.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23b14f2e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.11.4-101.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:42", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 / 15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL36462841.NASL", "href": "https://www.tenable.com/plugins/nessus/162943", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K36462841.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162943);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 /\n15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841\nadvisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K36462841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K36462841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nvar sol = 'K36462841';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2018-12-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1548.NASL", "href": "https://www.tenable.com/plugins/nessus/119708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1548.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119708);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)\");\n script_summary(english:\"Check for the openSUSE-2018-1548 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-${flavor}-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-$(flavor)-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-974.NASL", "href": "https://www.tenable.com/plugins/nessus/123397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-974.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)\");\n script_summary(english:\"Check for the openSUSE-2019-974 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-$(flavor)-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:14", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083) (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel)", "cvss3": {}, "published": "2017-02-09T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/97079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97079);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad\n Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083)\n (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to\n blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931]\n (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference\n (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387]\n (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417799]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799]\n (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err\n (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value\n tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu)\n [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus\n (David Vrabel)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23a1489f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.27.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.27.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:00", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3514.NASL", "href": "https://www.tenable.com/plugins/nessus/97057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3514.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97057);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8630\",\n \"CVE-2016-8646\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3514.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9576\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.27.el6uek', '4.1.12-61.1.27.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3514');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.27.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.27.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.27.el6uek / dtrace-modules-4.1.12-61.1.27.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:21", "description": "The 4.8.6 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-08T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-96d276367e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-96D276367E.NASL", "href": "https://www.tenable.com/plugins/nessus/94617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-96d276367e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94617);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"FEDORA\", value:\"2016-96d276367e\");\n\n script_name(english:\"Fedora 24 : kernel (2016-96d276367e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.6 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-96d276367e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-96d276367e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.6-201.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:26", "description": "This update should fix the adjtimex issues seen on 32bit systems with 3.18.5-100 The 3.18.5 stable update contains a number of important fixes across the tree. The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-09T00:00:00", "type": "nessus", "title": "Fedora 20 : kernel-3.18.5-101.fc20 (2015-1672)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0239", "CVE-2015-1465"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-1672.NASL", "href": "https://www.tenable.com/plugins/nessus/81219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1672.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81219);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0239\", \"CVE-2015-1465\");\n script_xref(name:\"FEDORA\", value:\"2015-1672\");\n\n script_name(english:\"Fedora 20 : kernel-3.18.5-101.fc20 (2015-1672)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update should fix the adjtimex issues seen on 32bit systems with\n3.18.5-100 The 3.18.5 stable update contains a number of important\nfixes across the tree. The 3.18.4 stable update contains a number new\nfeatures and drivers as well as several important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1183744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1186448\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?158a57c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.18.5-101.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:12", "description": "This update should fix the adjtimex issues seen on 32bit systems with 3.18.5-200 The 3.18.5 stable update contains a number of important fixes across the tree. The 3.18.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-06T00:00:00", "type": "nessus", "title": "Fedora 21 : kernel-3.18.5-201.fc21 (2015-1657)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0239", "CVE-2015-1465"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-1657.NASL", "href": "https://www.tenable.com/plugins/nessus/81192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1657.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81192);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0239\", \"CVE-2015-1465\");\n script_xref(name:\"FEDORA\", value:\"2015-1657\");\n\n script_name(english:\"Fedora 21 : kernel-3.18.5-201.fc21 (2015-1657)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update should fix the adjtimex issues seen on 32bit systems with\n3.18.5-200 The 3.18.5 stable update contains a number of important\nfixes across the tree. The 3.18.4 stable update contains a number of\nimportant fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1183744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1186448\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f0bccc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-3.18.5-201.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:58", "description": "The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3146-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3146-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3146-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95806);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3146-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163146-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2f4f7e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1815=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1815=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.21-90.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:56", "description": "The openSUSE 13.1 kernel was updated to fix two security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1454)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-pki", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:python-openvswitch-test", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo"], "id": "OPENSUSE-2016-1454.NASL", "href": "https://www.tenable.com/plugins/nessus/95789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1454.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95789);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1454)\");\n script_summary(english:\"Check for the openSUSE-2016-1454 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to fix two security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-macros-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-source-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.4_10-73.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:49", "description": "The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3252-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3252-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96137);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3252-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163252-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b5650a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-kernel-12915=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-kernel-12915=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-source-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-syms-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.7.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:43", "description": "The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 .", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-786)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-786.NASL", "href": "https://www.tenable.com/plugins/nessus/96632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-786.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96632);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2016-10088\");\n script_xref(name:\"ALAS\", value:\"2017-786\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-786)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sg implementation in the Linux kernel did not properly restrict\nwrite operations in situations where the KERNEL_DS option is set,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-786.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.41-36.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:21", "description": "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\nImpact\n\nThis vulnerability may allowlocally authenticated users to read or write to arbitrary kernel memory locations or cause a denial of service (DoS).\n\nNote : The exploit requires local shell access and can provide a user with root access to the system. On BIG-IP systems, shell access includes root privileges, making this exploit unnecessary.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K54610514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL54610514.NASL", "href": "https://www.tenable.com/plugins/nessus/104307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K54610514.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104307);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9576\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K54610514)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sg implementation in the Linux kernel through 4.9 does not\nproperly restrict write operations in situations where the KERNEL_DS\noption is set, which allows local users to read or write to arbitrary\nkernel memory locations or cause a denial of service (use-after-free)\nby leveraging access to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\nImpact\n\nThis vulnerability may allowlocally authenticated users to read or\nwrite to arbitrary kernel memory locations or cause a denial of\nservice (DoS).\n\nNote : The exploit requires local shell access and can provide a user\nwith root access to the system. On BIG-IP systems, shell access\nincludes root privileges, making this exploit unnecessary.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K54610514\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K54610514.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K54610514\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2-11.6.3\",\"11.5.5\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:47", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3203-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3203-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95991);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3203-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163203-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97fbcf94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-linux-kernel-12901=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-linux-kernel-12901=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-linux-kernel-12901=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-linux-kernel-12901=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:41", "description": "The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3188-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3188-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3188-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96033);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3188-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163188-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbea09e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1845=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1845=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1845=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:53", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive two security fixes. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3217-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3217-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96080);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3217-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive two\nsecurity fixes. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163217-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea505c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1876=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1876=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1876=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_63-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_63-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.60-52.63.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:53", "description": "The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base"], "id": "SUSE_SU-2016-3248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3248-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96089);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3248-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163248-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3055a6c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-kernel-12909=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-kernel-12909=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-kernel-12909=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-12909=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-12909=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-12909=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-12909=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:34", "description": "The 4.10.13 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-17d1c05236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-7477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-17D1C05236.NASL", "href": "https://www.tenable.com/plugins/nessus/99923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-17d1c05236.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99923);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-7477\");\n script_xref(name:\"FEDORA\", value:\"2017-17d1c05236\");\n\n script_name(english:\"Fedora 25 : kernel (2017-17d1c05236)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.13 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-17d1c05236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9604\", \"CVE-2017-7477\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-17d1c05236\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.10.13-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:05", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ# 1537671)", "cvss3": {}, "published": "2018-03-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2018:0412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12188", "CVE-2017-18270", "CVE-2017-7518"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0412.NASL", "href": "https://www.tenable.com/plugins/nessus/107189", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0412. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107189);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-18270\", \"CVE-2017-7518\");\n script_xref(name:\"RHSA\", value:\"2018:0412\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2018:0412)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1537671)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18270\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\", \"CVE-2017-18270\", \"CVE-2017-7518\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0412\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0412\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:13", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users.(CVE-2017-18270)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130)\n\n - A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.(CVE-2018-10940)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1297)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18270", "CVE-2018-10940", "CVE-2018-1130"], "modified": "2022-03-10T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf"], "id": "EULEROS_SA-2018-1297.NASL", "href": "https://www.tenable.com/plugins/nessus/117741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117741);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/10\");\n\n script_cve_id(\"CVE-2017-18270\", \"CVE-2018-1130\", \"CVE-2018-10940\");\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1297)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel in the way a local\n user could create keyrings for other users via keyctl\n commands. This may allow an attacker to set unwanted\n defaults, a denial of service, or possibly leak keyring\n information between users.(CVE-2017-18270)\n\n - A null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in the Linux kernel\n allows a local user to cause a denial of service by a\n number of certain crafted system calls.(CVE-2018-1130)\n\n - A flaw was found in the Linux kernel, before 4.16.6\n where the cdrom_ioctl_media_changed function in\n drivers/cdrom/cdrom.c allows local attackers to use a\n incorrect bounds check in the CDROM driver\n CDROM_MEDIA_CHANGED ioctl to read out kernel\n memory.(CVE-2018-10940)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1297\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37679fd1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18270\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h142\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h142\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h142\",\n \"kernel-devel-3.10.0-514.44.5.10.h142\",\n \"kernel-headers-3.10.0-514.44.5.10.h142\",\n \"kernel-tools-3.10.0-514.44.5.10.h142\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h142\",\n \"perf-3.10.0-514.44.5.10.h142\",\n \"python-perf-3.10.0-514.44.5.10.h142\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:37", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270)\n\n - ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3 c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible.(CVE-2018-1000204)\n\n - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/pid/cmdline (or /proc/pid/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).(CVE-2018-1120)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18270", "CVE-2018-1000204", "CVE-2018-1120"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1280.NASL", "href": "https://www.tenable.com/plugins/nessus/117586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117586);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18270\",\n \"CVE-2018-1000204\",\n \"CVE-2018-1120\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1280)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In the Linux kernel before 4.13.5, a local user could\n create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of\n service.(CVE-2017-18270)\n\n - ** DISPUTED ** Linux Kernel version 3.18 to 4.16\n incorrectly handles an SG_IO ioctl on /dev/sg0 with\n dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte\n cmdp. This may lead to copying up to 1000 kernel heap\n pages to the userspace. This has been fixed upstream in\n https://github.com/torvalds/linux/commit/a45b599ad808c3\n c982fdcdc12b0b8611c2f92824 already. The problem has\n limited scope, as users don't usually have permissions\n to access SCSI devices. On the other hand, e.g. the\n Nero user manual suggests doing `chmod o+r+w /dev/sg*`\n to make the devices accessible.(CVE-2018-1000204)\n\n - A flaw was found affecting the Linux kernel before\n version 4.17. By mmap()ing a FUSE-backed file onto a\n process's memory containing command line arguments (or\n environment strings), an attacker can cause utilities\n from psutils or procps (such as ps, w) or any other\n program which makes a read() call to the\n /proc/pid/cmdline (or /proc/pid/environ) files to block\n indefinitely (denial of service) or for some controlled\n time (as a synchronization primitive for other\n attacks).(CVE-2018-1120)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?715ecb89\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_54\",\n \"kernel-devel-3.10.0-514.44.5.10_54\",\n \"kernel-headers-3.10.0-514.44.5.10_54\",\n \"kernel-tools-3.10.0-514.44.5.10_54\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_54\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_54\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:11", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2016-107f03cc00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-107F03CC00.NASL", "href": "https://www.tenable.com/plugins/nessus/95726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-107f03cc00.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95726);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-107f03cc00\");\n\n script_name(english:\"Fedora 25 : kernel (2016-107f03cc00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-107f03cc00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-107f03cc00\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.8.13-300.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:42", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-5aff4a6bbc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-5AFF4A6BBC.NASL", "href": "https://www.tenable.com/plugins/nessus/95778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5aff4a6bbc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95778);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-5aff4a6bbc\");\n\n script_name(english:\"Fedora 23 : kernel (2016-5aff4a6bbc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5aff4a6bbc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-5aff4a6bbc\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.8.13-100.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:11", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-5cb5b4082d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-5CB5B4082D.NASL", "href": "https://www.tenable.com/plugins/nessus/95727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5cb5b4082d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95727);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-5cb5b4082d\");\n\n script_name(english:\"Fedora 24 : kernel (2016-5cb5b4082d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cb5b4082d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-5cb5b4082d\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.13-200.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:36:09", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0267-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0267-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96761);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170267-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1ede93f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-142=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-142=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:47", "description": "A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2041-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4299", "CVE-2013-4350", "CVE-2013-4387"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2041-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2041-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71207);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(62405, 62696, 63183);\n script_xref(name:\"USN\", value:\"2041-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2041-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2041-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2041-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-34-generic\", pkgver:\"3.8.0-34.49~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:15:24", "description": "A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 13.04 : linux vulnerabilities (USN-2045-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4299", "CVE-2013-4350", "CVE-2013-4387"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "UBUNTU_USN-2045-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2045-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71210);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(62405, 62696, 63183);\n script_xref(name:\"USN\", value:\"2045-1\");\n\n script_name(english:\"Ubuntu 13.04 : linux vulnerabilities (USN-2045-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2045-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2045-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"linux-image-3.8.0-34-generic\", pkgver:\"3.8.0-34.49\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:28", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"], "id": "REDHAT-RHSA-2020-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/132947", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0100. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132947);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-18281\", \"CVE-2018-20856\", \"CVE-2019-11599\");\n script_xref(name:\"RHSA\", value:\"2020:0100\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:0100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0100');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:16:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11599"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0179.NASL", "href": "https://www.tenable.com/plugins/nessus/133164", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0179. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133164);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-18281\", \"CVE-2019-11599\");\n script_bugtraq_id(105761, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0179\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0179');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.43.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:27", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.57 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. (bsc#966437)\n\n - CVE-2015-8816: A malicious USB device could cause a kernel crash in the USB hub driver. (bnc#968010).\n\n - CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504)\n\n - CVE-2016-2184: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. (bsc#971125).\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. (bsc#966693)\n\n - CVE-2016-2782: A malicious USB device could cause a kernel crash in the usb visor driver. (bnc#968670).\n\n - CVE-2016-3139: A malicious USB device could cause a kernel crash in the wacom driver. (bnc#970909).\n\n - CVE-2016-3156: Removal of ipv4 interfaces with a large number of IP addresses was taking very long.\n (bsc#971360).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here (bnc#960561).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1019-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8709", "CVE-2015-8812", "CVE-2015-8816", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3139", "CVE-2016-3156"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1019-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1019-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90531);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8709\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3139\", \"CVE-2016-3156\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1019-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.57 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel\n driver when the network was considered congested. The\n kernel would incorrectly misinterpret the congestion as\n an error condition and incorrectly free/clean up the\n skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the\n system or allow an attacker to escalate privileges in a\n use-after-free scenario. (bsc#966437)\n\n - CVE-2015-8816: A malicious USB device could cause a\n kernel crash in the USB hub driver. (bnc#968010).\n\n - CVE-2016-2143: On zSeries a fork of a large process\n could have caused memory corruption due to incorrect\n page table handling. (bnc#970504)\n\n - CVE-2016-2184: A malicious USB device could cause a\n kernel crash in the alsa usb-audio driver. (bsc#971125).\n\n - CVE-2016-2384: A malicious USB device could cause a\n kernel crash in the alsa usb-audio driver. (bsc#966693)\n\n - CVE-2016-2782: A malicious USB device could cause a\n kernel crash in the usb visor driver. (bnc#968670).\n\n - CVE-2016-3139: A malicious USB device could cause a\n kernel crash in the wacom driver. (bnc#970909).\n\n - CVE-2016-3156: Removal of ipv4 interfaces with a large\n number of IP addresses was taking very long.\n (bsc#971360).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local\n users to gain privileges by establishing a user\n namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here (bnc#960561).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=816099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=875631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n